Windows Analysis Report
rTTSWIFTCOPIES.exe

Overview

General Information

Sample name: rTTSWIFTCOPIES.exe
Analysis ID: 1579833
MD5: 1c3f7140d38d7320a7ec488d5dfae288
SHA1: c3b46b92999239b04863b7c3f90f2f2eaa6db2ec
SHA256: 0aa158cfa64154a3887768fdcd2a157ead2f1e46e3a54c0820fbb32676b060f8
Tags: exe, user-Porcupine

Detection

MassLogger RAT
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Note: the family label comes from the JoeSecurity_MassLogger rule. The Elastic Windows_Trojan_SnakeKeylogger_af3faa65 rule and Florian Roth's MAL_Envrial_Jan18_1 rule match the same unpacked .NET payload, so treat the name as a MassLogger/Snake Keylogger-class credential stealer rather than a definitive attribution.

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected MassLogger RAT
Yara detected Telegram RAT
.NET source code references suspicious native API functions
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Contains functionality to log keystrokes (.Net Source)
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Process Tree

  • System is w10x64
  • rTTSWIFTCOPIES.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe" MD5: 1C3F7140D38D7320A7EC488D5DFAE288)
    • RegSvcs.exe (PID: 6632 cmdline: "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup

Malware Configuration

MassLogger (extracted from 2.2.RegSvcs.exe.400000.0.unpack; exfiltration over SMTP submission, port 587, to surewaz.com using the embedded mailbox credentials):
{"EXfil Mode": "SMTP", "From": "sungi1@surewaz.com", "Password": "Ysi!OfKlofTv", "Server": "surewaz.com", "To": "sungi@surewaz.com", "Port": 587}
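The process tree above shows the AutoIt loader (PID 6508) starting RegSvcs.exe (PID 6632) with the loader's own command line, and the signature list records the suspended-process creation and foreign memory writes that go with process hollowing. The Python below is an added example, not part of the Joe Sandbox report, that turns that into an endpoint check over process-creation records: a .NET framework utility whose command line names a different executable, launched by a parent in a user-writable path. The field names loosely follow Sysmon Event ID 1 and are an assumption, as are the hollowing targets other than RegSvcs.exe and the user-writable path pattern; the sample records are constructed here, the first two mirroring the report's tree.

```python
"""Added example (not from the Joe Sandbox report): flag a .NET host process
that looks hollowed, using the process-tree evidence from the report.

Record layout is an assumption modelled loosely on Sysmon Event ID 1.
"""
import re
from pathlib import PureWindowsPath

# RegSvcs.exe is the host seen in this report. The other names are an
# assumption: .NET framework utilities commonly used as hollowing targets.
DOTNET_HOSTS = {"regsvcs.exe", "regasm.exe", "installutil.exe",
                "msbuild.exe", "applaunch.exe", "csc.exe", "vbc.exe"}

# Parent locations a legitimate .NET tool launch would not normally come
# from (assumption: tune to the environment).
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(desktop|downloads|appdata)\\|\\temp\\", re.I)


def first_token(cmdline: str) -> str:
    """Return the executable part of a Windows command line, quoted or not."""
    m = re.match(r'\s*"([^"]*)"|\s*(\S+)', cmdline)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def flag_hollowed_hosts(events):
    """Return {pid: [reasons]} for events that look like a hollowed .NET host.

    A host is reported when the image is a framework utility AND both
    indicators hold: the command line names a different executable (the
    report shows RegSvcs.exe carrying the loader's command line) and the
    parent runs from a user-writable path.
    """
    findings = {}
    for ev in events:
        image = PureWindowsPath(ev["image"]).name.lower()
        if image not in DOTNET_HOSTS:
            continue
        reasons = []
        claimed = PureWindowsPath(first_token(ev["cmdline"])).name.lower()
        if claimed and claimed != image:
            reasons.append("cmdline names %s but image is %s" % (claimed, image))
        if USER_WRITABLE.search(ev["parent_image"]):
            reasons.append("parent %s runs from a user-writable path" % ev["parent_image"])
        if len(reasons) >= 2:
            findings[ev["pid"]] = reasons
    return findings


# Constructed sample: the first two records restate the report's process tree,
# the third is a benign RegSvcs.exe launch for contrast.
SAMPLE_EVENTS = [
    {"pid": 6508, "ppid": 4100,
     "image": r"C:\Users\user\Desktop\rTTSWIFTCOPIES.exe",
     "cmdline": r'"C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 6632, "ppid": 6508,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": r'"C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"',
     "parent_image": r"C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"},
    {"pid": 7001, "ppid": 6900,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" /u Vendor.dll',
     "parent_image": r"C:\Program Files\Vendor\setup.exe"},
]

if __name__ == "__main__":
    for pid, reasons in flag_hollowed_hosts(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

Requiring both indicators keeps installer-driven RegSvcs.exe runs (matching command line, parent under Program Files) out of the result; in this sample only PID 6632 is reported. The RegSvcs.exe image hash in the tree (9D352BC46709F0CB5EC974633A0C3C94) is the clean Microsoft binary, which is why image-hash based detection alone misses hollowing.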

Yara Overview: Memory Dumps

Source | Rule | Description | Author
00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security
00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0xf1a7:$a1: get_encryptedPassword
  • 0xf4cf:$a2: get_encryptedUsername
  • 0xef42:$a3: get_timePasswordChanged
  • 0xf063:$a4: get_passwordField
  • 0xf1bd:$a5: set_encryptedPassword
  • 0x10b19:$a7: get_logins
  • 0x107ca:$a8: GetOutlookPasswords
  • 0x105bc:$a9: StartKeylogger
  • 0x10a69:$a10: KeyLoggerEventArgs
  • 0x10619:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x14135:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x13633:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x13941:$a4: \Orbitum\User Data\Default\Login Data
  • 0x14739:$a5: \Kometa\User Data\Default\Login Data
(13 entries in the full report; 5 shown)

Yara Overview: Unpacked PEs

Source | Rule | Description | Author
2.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security
2.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
2.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
2.2.RegSvcs.exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0xf1a7:$a1: get_encryptedPassword
  • 0xf4cf:$a2: get_encryptedUsername
  • 0xef42:$a3: get_timePasswordChanged
  • 0xf063:$a4: get_passwordField
  • 0xf1bd:$a5: set_encryptedPassword
  • 0x10b19:$a7: get_logins
  • 0x107ca:$a8: GetOutlookPasswords
  • 0x105bc:$a9: StartKeylogger
  • 0x10a69:$a10: KeyLoggerEventArgs
  • 0x10619:$a11: KeyLoggerEventArgsEventHandler
2.2.RegSvcs.exe.400000.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x14135:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x13633:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x13941:$a4: \Orbitum\User Data\Default\Login Data
  • 0x14739:$a5: \Kometa\User Data\Default\Login Data
(10 entries in the full report; 5 shown)

              No Sigma rule has matched

Suricata IDS alerts

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T10:32:04.287380+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP

              AV Detection

Source: 2.2.RegSvcs.exe.400000.0.unpack | Malware Configuration Extractor: MassLogger {"EXfil Mode": "SMTP", "From": "sungi1@surewaz.com", "Password": "Ysi!OfKlofTv", "Server": "surewaz.com", "To": "sungi@surewaz.com", "Port": 587}
Source: rTTSWIFTCOPIES.exe | ReversingLabs: Detection: 28%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: rTTSWIFTCOPIES.exe | Joe Sandbox ML: detected

              Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: rTTSWIFTCOPIES.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.177.134:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: Binary string: wntdll.pdbUGP | source: rTTSWIFTCOPIES.exe, 00000000.00000003.2062956539.0000000004050000.00000004.00001000.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2065684898.0000000004210000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: rTTSWIFTCOPIES.exe, 00000000.00000003.2062956539.0000000004050000.00000004.00001000.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2065684898.0000000004210000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ADC2A2 FindFirstFileExW
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B168EE FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B15C97 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B9480: 4x nop then jmp 012B9731h
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B9A40: 4x nop then jmp 012B9E5Ah
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B9A30: 4x nop then jmp 012B9E5Ah
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B9D87: 4x nop then jmp 012B9E5Ah
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 193.122.130.0
Source: Joe Sandbox View | IP Address: 172.67.177.134
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 193.122.130.0:80
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1CE44 InternetReadFile,SetEvent,GetLastError,SetEvent
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.comd
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D01000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/d
Source: rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.orgd
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.orgd
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D01000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot-/sendDocument?chat_id=
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189d
Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189l
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
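The network evidence above is a detection opportunity that does not depend on the sample hash: a GET to checkip.dyndns.org with the fixed "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)" User-Agent, followed by a reallyfreegeoip.org lookup of the returned address sent with no User-Agent at all, a Telegram sendDocument URL in memory, and SMTP submission to surewaz.com:587 from the extracted configuration. The Python below is an added example, not part of the report or of any vendor product, that scores flow records for that pattern. The record layout, the allowed mail relay name, the 60-second pairing window and the severity levels are assumptions; the sample records are constructed here to mirror the report's traffic from 192.168.2.5 plus one benign workstation.

```python
"""Added example (not from the Joe Sandbox report): score outbound flows for
the IP-check / geo-lookup / exfil pattern the sample shows.

Host names, the legacy User-Agent, the Telegram path and port 587 come from
the report; the record layout, relay allow-list, window and severities are
assumptions.
"""
from collections import defaultdict

IP_CHECK_HOSTS = {"checkip.dyndns.org", "checkip.dyndns.com"}
GEOIP_HOSTS = {"reallyfreegeoip.org"}
# User-Agent the sample sent to checkip.dyndns.org (from the report).
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"
# Assumption: corporate relays that endpoints may legitimately submit mail to.
ALLOWED_SMTP_RELAYS = {"smtp.corp.example"}


def classify(rec):
    """Return the indicator names raised by one flow record (possibly empty)."""
    hits = []
    host = (rec.get("host") or "").lower()
    if rec.get("proto") == "smtp":
        if rec.get("dst_port") == 587 and host not in ALLOWED_SMTP_RELAYS:
            hits.append("smtp_submission_to_external_server")
        return hits
    if rec.get("proto") != "http":
        return hits
    if host in IP_CHECK_HOSTS:
        hits.append("external_ip_lookup")
    if host in GEOIP_HOSTS:
        hits.append("geoip_lookup")
    if rec.get("ua") == LEGACY_UA:
        hits.append("legacy_msie6_user_agent")
    if rec.get("method") in ("GET", "POST") and not rec.get("ua"):
        hits.append("request_without_user_agent")
    if host == "api.telegram.org" and "/senddocument" in (rec.get("path") or "").lower():
        hits.append("telegram_bot_senddocument")
    return hits


def score_sources(records, window=60):
    """Aggregate indicators per source IP.

    An external-IP lookup followed by a geo-IP lookup within `window` seconds
    (the order the sample uses) is added as 'ip_then_geo_chain'. That chain
    or any exfil indicator rates the source 'high'; a lone lookup is 'low'.
    """
    per_src = defaultdict(lambda: {"indicators": set(), "severity": "none"})
    lookups = defaultdict(list)  # src -> [(ts, kind)]
    for rec in records:
        hits = classify(rec)
        if not hits:
            continue
        per_src[rec["src"]]["indicators"].update(hits)
        for kind in ("external_ip_lookup", "geoip_lookup"):
            if kind in hits:
                lookups[rec["src"]].append((rec["ts"], kind))
    for src, seen in lookups.items():
        seen.sort()
        for (t1, k1), (t2, k2) in zip(seen, seen[1:]):
            if k1 == "external_ip_lookup" and k2 == "geoip_lookup" and t2 - t1 <= window:
                per_src[src]["indicators"].add("ip_then_geo_chain")
    exfil = {"ip_then_geo_chain", "telegram_bot_senddocument",
             "smtp_submission_to_external_server"}
    for entry in per_src.values():
        entry["severity"] = "high" if entry["indicators"] & exfil else "low"
    return dict(per_src)


# Constructed records: the first three mirror the report's traffic from the
# analysis VM, the last is a benign workstation browsing an internal site.
SAMPLE_RECORDS = [
    {"ts": 0, "src": "192.168.2.5", "proto": "http", "host": "checkip.dyndns.org",
     "dst_port": 80, "method": "GET", "path": "/", "ua": LEGACY_UA},
    {"ts": 2, "src": "192.168.2.5", "proto": "http", "host": "reallyfreegeoip.org",
     "dst_port": 443, "method": "GET", "path": "/xml/8.46.123.189", "ua": None},
    {"ts": 30, "src": "192.168.2.5", "proto": "smtp", "host": "surewaz.com", "dst_port": 587},
    {"ts": 5, "src": "192.168.2.7", "proto": "http", "host": "intranet.corp.example",
     "dst_port": 443, "method": "GET", "path": "/", "ua": "Mozilla/5.0"},
]

if __name__ == "__main__":
    for src, entry in score_sources(SAMPLE_RECORDS).items():
        print(src, entry["severity"], sorted(entry["indicators"]))
```

The geo-IP request travelled over TLS 1.0 in the sandbox, so the host name and missing User-Agent are only visible where traffic is inspected (proxy, TLS-terminating gateway) or from DNS and SNI; the SMTP rule works at the flow level and is the cheapest to deploy. The Suricata hit (SID 2803274, ETPRO "Common Downloader Header Pattern UH") fires on the same checkip.dyndns.org request and is an independent confirmation of the first indicator.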

              Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, UltraSpeed.cs | .Net Code: VKCodeToUnicode
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B39576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

              System Summary

Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware | Author: Florian Roth
Source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | Author: unknown
Source: rTTSWIFTCOPIES.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
Source: rTTSWIFTCOPIES.exe, 00000000.00000000.2033736291.0000000000B62000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_cd27e484-a)
Source: rTTSWIFTCOPIES.exe | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_5acee134-a)
Source: rTTSWIFTCOPIES.exe, 00000000.00000000.2033736291.0000000000B62000.00000002.00000001.01000000.00000003.sdmp (memstr_9e08d2d8-3) and rTTSWIFTCOPIES.exe on disk (memstr_da5528b1-5) | String found in binary or memory (AutoIt3 runtime string table): AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0D5EB CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA8060
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B12046
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B08298
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ADE4FF
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AD676B
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B34873
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ACCAA0
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AACAF0
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ABCC39
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AD6DD9
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ABD064
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA91C0
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ABB119
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC1394
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC1706
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC781B
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC19B0
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA7920
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AB997D
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC7A4A
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC7CA7
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC1C77
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AD9EEE
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B2BE44
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC1F32
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_017A0910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012BC530
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B27B9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B9480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012BC4AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B2DD1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012B946F
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: String function: 00ABF9F2 appears 40 times
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: String function: 00AA9CB3 appears 31 times
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: String function: 00AC0A30 appears 46 times
Source: rTTSWIFTCOPIES.exe, 00000000.00000003.2063625568.0000000004173000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename ntdll.dllj% vs rTTSWIFTCOPIES.exe
Source: rTTSWIFTCOPIES.exe, 00000000.00000003.2065684898.000000000433D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename ntdll.dllj% vs rTTSWIFTCOPIES.exe
Source: rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename CloudServices.exe< vs rTTSWIFTCOPIES.exe
Source: rTTSWIFTCOPIES.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, UltraSpeed.cs | Cryptographic APIs: 'TransformFinalBlock'
              Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, COVIDPickers.cs | Cryptographic APIs: 'TransformFinalBlock'
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/4@2/2
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B137B5 GetLastError,FormatMessageW,0_2_00B137B5
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B010BF AdjustTokenPrivileges,CloseHandle,0_2_00B010BF
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B016C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00B016C3
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B151CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00B151CD
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B2A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00B2A67C
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00B1648E
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00AA42A2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Mutant created: NULL
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | File created: C:\Users\user\AppData\Local\Temp\autD57C.tmp
              Source: rTTSWIFTCOPIES.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: RegSvcs.exe, 00000002.00000002.3278104598.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278707348.0000000003D2D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002E13000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: rTTSWIFTCOPIES.exe | ReversingLabs: Detection: 28%
              Source: unknown | Process created: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: wsock32.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: version.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: mpr.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: wininet.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: rTTSWIFTCOPIES.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: wntdll.pdbUGP source: rTTSWIFTCOPIES.exe, 00000000.00000003.2062956539.0000000004050000.00000004.00001000.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2065684898.0000000004210000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: rTTSWIFTCOPIES.exe, 00000000.00000003.2062956539.0000000004050000.00000004.00001000.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2065684898.0000000004210000.00000004.00001000.00020000.00000000.sdmp
              Source: rTTSWIFTCOPIES.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: rTTSWIFTCOPIES.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: rTTSWIFTCOPIES.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: rTTSWIFTCOPIES.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: rTTSWIFTCOPIES.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AA42DE
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC0A76 push ecx; ret 0_2_00AC0A89
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012BB3A8 push eax; iretd 2_2_012BB445
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 2_2_012BBB22 push es; iretd 2_2_012BBB44
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ABF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00ABF98E
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B31C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00B31C41
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep | graph_0-97601
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | API/Special instruction interceptor: Address: 17A0534
              Source: rTTSWIFTCOPIES.exe, 00000000.00000003.2034889292.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2034286475.00000000017A0000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2034666921.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2034720774.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2035211749.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2034326221.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2037963475.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2067033883.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2034992488.00000000017B8000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000002.2067586757.00000000017B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: FIDDLER.EXE;C
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | API coverage: 4.2 %
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00B0DBBE
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ADC2A2 FindFirstFileExW,0_2_00ADC2A2
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B168EE FindFirstFileW,FindClose,0_2_00B168EE
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00B1698F
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B0D076
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B0D3A9
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B19642
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B1979D
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00B19B2B
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B15C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00B15C97
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AA42DE
              Source: RegSvcs.exe, 00000002.00000002.3277458502.0000000001037000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll|
              Source: rTTSWIFTCOPIES.exe, 00000000.00000003.2066890540.00000000018FD000.00000004.00000020.00020000.00000000.sdmp, rTTSWIFTCOPIES.exe, 00000000.00000003.2066943773.000000000184F000.00000004.00000020.00020000.00000000.sdmp, subpredication.0.dr | Binary or memory string: ^{WZQEmUXXFX
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B1EAA2 BlockInput,0_2_00B1EAA2
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AD2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00AD2622
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AA42DE
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC4CE8 mov eax, dword ptr fs:[00000030h] 0_2_00AC4CE8
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_017A07A0 mov eax, dword ptr fs:[00000030h] 0_2_017A07A0
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_017A0800 mov eax, dword ptr fs:[00000030h] 0_2_017A0800
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_0179F110 mov eax, dword ptr fs:[00000030h] 0_2_0179F110
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B00B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00B00B62
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AD2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00AD2622
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00AC083F
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC09D5 SetUnhandledExceptionFilter,0_2_00AC09D5
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00AC0C21
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, UltraSpeed.cs | Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
              Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
              Source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text9 + "\\mozglue.dll"))
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: DB2008
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00B01201
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AE2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00AE2BA5
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B0B226 SendInput,keybd_event,0_2_00B0B226
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B222DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00B222DA
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B00B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00B00B62
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B01663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00B01663
              Source: rTTSWIFTCOPIES.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
              Source: rTTSWIFTCOPIES.exe | Binary or memory string: Shell_TrayWnd
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AC0698 cpuid 0_2_00AC0698
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B18195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00B18195
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AFD27A GetUserNameW,0_2_00AFD27A
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00ADB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00ADB952
              Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00AA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AA42DE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

Source: Yara match | File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTR
Source: Yara match | File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: rTTSWIFTCOPIES.exe | Binary or memory string: WIN_81
Source: rTTSWIFTCOPIES.exe | Binary or memory string: WIN_XP
Source: rTTSWIFTCOPIES.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: rTTSWIFTCOPIES.exe | Binary or memory string: WIN_XPe
Source: rTTSWIFTCOPIES.exe | Binary or memory string: WIN_VISTA
Source: rTTSWIFTCOPIES.exe | Binary or memory string: WIN_7
Source: rTTSWIFTCOPIES.exe | Binary or memory string: WIN_8
Source: Yara match | File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3278104598.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTR

              Remote Access Functionality

Source: Yara match | File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTR
Source: Yara match | File source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.rTTSWIFTCOPIES.exe.4030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: rTTSWIFTCOPIES.exe PID: 6508, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6632, type: MEMORYSTR
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B21204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00B21204
Source: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe | Code function: 0_2_00B21806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00B21806
Mitre Att&ck Matrix (one technique per tactic column; the number in parentheses is the count the report attaches to that technique)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts (2) | Native API (11) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Disable or Modify Tools (11) | OS Credential Dumping (1) | System Time Discovery (2) | Remote Services | Archive Collected Data (11) | Ingress Tool Transfer (2) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Scheduled Task/Job | Valid Accounts (2) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (11) | Input Capture (121) | Account Discovery (1) | Remote Desktop Protocol | Data from Local System (1) | Encrypted Channel (11) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Valid Accounts (2) | Obfuscated Files or Information (3) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Email Collection (1) | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Access Token Manipulation (21) | DLL Side-Loading (1) | NTDS | System Information Discovery (127) | Distributed Component Object Model | Input Capture (121) | Application Layer Protocol (13) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Process Injection (212) | Valid Accounts (2) | LSA Secrets | Security Software Discovery (321) | SSH | Clipboard Data (3) | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Virtualization/Sandbox Evasion (1) | Cached Domain Credentials | Virtualization/Sandbox Evasion (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Access Token Manipulation (21) | DCSync | Process Discovery (2) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Process Injection (212) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | System Network Configuration Discovery (1) | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source | Detection | Scanner | Label
rTTSWIFTCOPIES.exe | 29% | ReversingLabs | Win32.Trojan.AutoitInject
rTTSWIFTCOPIES.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
reallyfreegeoip.org | 172.67.177.134 | true | false | | high
checkip.dyndns.com | 193.122.130.0 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://checkip.dyndns.org/ | false | | high
https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org/xml/8.46.123.189l | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.comd | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.org/q | rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp | false | | high
http://reallyfreegeoip.orgd | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D9D000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://reallyfreegeoip.org/xml/8.46.123.189d | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://reallyfreegeoip.org | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D9D000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.orgd | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://reallyfreegeoip.org | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.org | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.com | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.org/d | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RegSvcs.exe, 00000002.00000002.3278104598.0000000002D01000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.telegram.org/bot-/sendDocument?chat_id= | rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp | false | | high
https://reallyfreegeoip.org/xml/ | rTTSWIFTCOPIES.exe, 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3278104598.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579833
Start date and time: 2024-12-23 10:31:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 49s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: rTTSWIFTCOPIES.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/4@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 54
• Number of non-executed functions: 296
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63, 4.245.163.56
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target RegSvcs.exe, PID 6632 because it is empty
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: rTTSWIFTCOPIES.exe
                                                    No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
193.122.130.0 | 66776676676.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
193.122.130.0 | 87h216Snb7.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/
193.122.130.0 | dP5z8RpEyQ.exe | malicious | GuLoader, MassLogger RAT | checkip.dyndns.org/
193.122.130.0 | pre-stowage.PDF.scr.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
193.122.130.0 | HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
193.122.130.0 | PURCHASE ORDER TRC-0909718-24_pdf.exe | malicious | GuLoader, MassLogger RAT | checkip.dyndns.org/
193.122.130.0 | ref_97024130865.exe | malicious | MassLogger RAT, PureLog Stealer | checkip.dyndns.org/
193.122.130.0 | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
193.122.130.0 | REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe | malicious | GuLoader, MassLogger RAT | checkip.dyndns.org/
193.122.130.0 | SWIFT09181-24_pdf.exe | malicious | GuLoader, MassLogger RAT | checkip.dyndns.org/
172.67.177.134 | Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe | malicious | MassLogger RAT |
172.67.177.134 | YU SV Payment.exe | malicious | MassLogger RAT |
172.67.177.134 | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe | malicious | GuLoader, MassLogger RAT |
172.67.177.134 | HUSDGHCE23ED.exe | malicious | MassLogger RAT |
172.67.177.134 | 66776676676.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
172.67.177.134 | RFQ December-January Forcast and TCL.exe | malicious | GuLoader, MassLogger RAT |
172.67.177.134 | Invoice.exe | malicious | Snake Keylogger |
172.67.177.134 | PK241200518-EMAIL RELEASE-pdf.exe | malicious | Snake Keylogger, VIP Keylogger |
172.67.177.134 | ugpJX5h56S.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
172.67.177.134 | MV GOLDEN SCHULTE DETAILS.exe | malicious | Snake Keylogger |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
checkip.dyndns.com | Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe | malicious | MassLogger RAT | 158.101.44.242
checkip.dyndns.com | Statement_3029_from_Cross_Traders_and_Logistics_ltd.exe | malicious | MassLogger RAT | 158.101.44.242
checkip.dyndns.com | Invoice DHL - AWB 2024 E4001 - 0000731.exe | malicious | Snake Keylogger | 132.226.247.73
checkip.dyndns.com | Requested Documentation.exe | malicious | MassLogger RAT | 158.101.44.242
checkip.dyndns.com | YU SV Payment.exe | malicious | MassLogger RAT | 193.122.6.168
checkip.dyndns.com | PURCHASE ORDER TRC-090971819130-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 132.226.247.73
checkip.dyndns.com | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe | malicious | GuLoader, MassLogger RAT | 193.122.6.168
checkip.dyndns.com | Overheaped237.exe | malicious | GuLoader, Snake Keylogger | 158.101.44.242
checkip.dyndns.com | HUSDGHCE23ED.exe | malicious | MassLogger RAT | 158.101.44.242
checkip.dyndns.com | 66776676676.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 193.122.130.0
reallyfreegeoip.org | Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe | malicious | MassLogger RAT | 172.67.177.134
reallyfreegeoip.org | Statement_3029_from_Cross_Traders_and_Logistics_ltd.exe | malicious | MassLogger RAT | 104.21.67.152
reallyfreegeoip.org | Invoice DHL - AWB 2024 E4001 - 0000731.exe | malicious | Snake Keylogger | 104.21.67.152
reallyfreegeoip.org | YU SV Payment.exe | malicious | MassLogger RAT | 172.67.177.134
reallyfreegeoip.org | PURCHASE ORDER TRC-090971819130-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 104.21.67.152
reallyfreegeoip.org | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe | malicious | GuLoader, MassLogger RAT | 172.67.177.134
reallyfreegeoip.org | Overheaped237.exe | malicious | GuLoader, Snake Keylogger | 104.21.67.152
reallyfreegeoip.org | HUSDGHCE23ED.exe | malicious | MassLogger RAT | 172.67.177.134
reallyfreegeoip.org | 66776676676.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 172.67.177.134
reallyfreegeoip.org | _Company.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.67.152
                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        ORACLE-BMC-31898USnshkmips.elfGet hashmaliciousMiraiBrowse
                                                                        • 132.145.36.70
                                                                        Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                        • 158.101.44.242
| | Statement_3029_from_Cross_Traders_and_Logistics_ltd.exe | malicious | MassLogger RAT | 158.101.44.242 |
| | nshkarm.elf | malicious | Mirai | 140.238.15.102 |
| | nshsh4.elf | malicious | Mirai | 140.238.98.44 |
| | Requested Documentation.exe | malicious | MassLogger RAT | 158.101.44.242 |
| | YU SV Payment.exe | malicious | MassLogger RAT | 193.122.6.168 |
| | la.bot.sparc.elf | malicious | Mirai | 168.138.95.8 |
| | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe | malicious | GuLoader, MassLogger RAT | 193.122.6.168 |
| | x86_32.nn.elf | malicious | Mirai, Okiru | 144.25.16.134 |
| CLOUDFLARENETUS | https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/ | malicious | Unknown | 172.67.154.63 |
| | https://a41c415c7bccad129d61b50d2032009e.aktive-senioren.biz/de/st/1?#bqcnl4tocgzq65tck3bv | malicious | Unknown | 104.21.92.223 |
| | FBmz85HS0d.exe | malicious | LummaC | 172.67.150.173 |
| | armv5l.elf | malicious | Unknown | 1.8.230.191 |
| | BJQizQ6sqT.exe | malicious | LummaC | 172.67.150.173 |
| | Ref#20203216.exe | malicious | AgentTesla | 104.26.13.205 |
| | LNn56KMkEE.exe | malicious | LummaC | 104.21.66.86 |
| | BVGvbpplT8.exe | malicious | LummaC, Stealc | 104.21.66.86 |
| | FBVmDbz2nb.exe | malicious | LummaC, Stealc | 104.21.32.96 |
| | mgEXk8ip26.exe | malicious | LummaC | 104.21.66.86 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 54328bd36c14bd82ddaa0c04b25ed9ad | Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe | malicious | MassLogger RAT | 172.67.177.134 |
| | Statement_3029_from_Cross_Traders_and_Logistics_ltd.exe | malicious | MassLogger RAT | 172.67.177.134 |
| | Browser.Daemon.exe | malicious | Unknown | 172.67.177.134 |
| | Browser.Daemon.exe | malicious | Unknown | 172.67.177.134 |
| | Invoice DHL - AWB 2024 E4001 - 0000731.exe | malicious | Snake Keylogger | 172.67.177.134 |
| | YU SV Payment.exe | malicious | MassLogger RAT | 172.67.177.134 |
| | PURCHASE ORDER TRC-090971819130-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 172.67.177.134 |
| | PAYMENT ADVICE 750013-1012449943-81347-pdf.exe | malicious | GuLoader, MassLogger RAT | 172.67.177.134 |
| | Overheaped237.exe | malicious | GuLoader, Snake Keylogger | 172.67.177.134 |
| | HUSDGHCE23ED.exe | malicious | MassLogger RAT | 172.67.177.134 |
                                                                        No context
                                                                        Process:C:\Users\user\Desktop\rTTSWIFTCOPIES.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):15220
                                                                        Entropy (8bit):7.5781473647311035
                                                                        Encrypted:false
                                                                        SSDEEP:384:E9/RtsnvgGGsxLOxNiN7a6hDts0+ygHgdsZhQNT:ERA4G9OX6hSrNC
                                                                        MD5:93774F1398624C37B3C7D3271AAE59A5
                                                                        SHA1:F371D271302894226F983470E7F2FA7CD69936E0
                                                                        SHA-256:40BF3E310F2C98E201FDF0C07E87DF18BF8A5C47B620C5C371B7B29C52676131
                                                                        SHA-512:D2D85FA26E92B1B0756E6CCEF165F60089B3C24AF2C9E1F32B5D1DD3D29F108FADE3E62DD8CE4B1ECD793177866D2315F9865E8C03D93658C629A38D7DDC2C4B
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:EA06.....Zo.........SP.n......5e...`.....|....T...3...(.6&.....9vp.=...G.....7@..9......$..k...........c}V.....?.P...p...Y@Q?.{..'..c.D.&.N. .'.9e.D.&`...D..' ...D...s...D...S.(......sP...h...M.Q?.y..G.c.D....Q.......O......60..........vh...0.7..!.....)^...t.C........$..C......l>[......!....|.0...&d.....Hz..a....l?..uo.....P......V0....j......|......l.....A.?.. Bg.8.l.E..Ed.L...?.. Bg.....Y..>@.............@..'.....8|.?..u.........l. O..]e...O..!e...& ....#s.......3.Y....9.......9..M.7?............l?...F..........C7....g .........x2..8.a...?..j..+4.....W?..j....Y..M. ?.0....Q...d}S0{.......M.".@...Z........V....n.....Q>...'.N...r..(.-........0W.........(....... 6..p.....6zh......?.....O8....lCN....i..?..8}@L..E.i.....61...f#q....>.N....4..M.Q?.q.........D..0N..V.A..M.>K0i..d.h.&...%.Y...|.*..<..aw.].3c..H.@B?...G..1...' ....k|.A.O..#.....}V`....#..H|.P!..d....0z....Y..>K..G.*/....G.7c.H..b....W..1....?.01..b.!...@.?..o.F|....p9......S.!..nb.!....zb0..
                                                                        Process:C:\Users\user\Desktop\rTTSWIFTCOPIES.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):73198
                                                                        Entropy (8bit):7.920842720072953
                                                                        Encrypted:false
                                                                        SSDEEP:1536:rYC+gCLmdfdS/tWyPcXrtoxIglqkmTWNrPrlytgQneatc8OCAQg:rYC+gCSxW87tcIglqh0wzztc8sH
                                                                        MD5:BFB00D44127E3CBAA4F811DA0A5AF35F
                                                                        SHA1:3DA00CF7B9DCC5D4B593E05950AB907860B0C131
                                                                        SHA-256:F21EA39325C56E2D58E973C5DF484F6D53798B81A4C124276A2C1306BA2552FF
                                                                        SHA-512:EC32255E2FAAED752518FFFD1182DDF3C5A1F0B91FDE86BE96CA73847D999C87CDE8349FF9D50D659A50A484E1FAD6C1B8F41ABAF585DDD241B39522A7BF81BA
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:EA06..n..@;...JiL..h5...S..k5.eJq5.V&..E6.M.M..J...Z..jtP.....q...'U?.>....$.)y.N.4k...5...r.U^gZ.K&.....'.J....-w.]&.....W.P"....C..8M2.X.f....|.uSJ..B..k3.UV.M.t..Y.V.....j.t@.4....Q..k..9..Wk.M..h`...g....KT.I..Z.*iB.t.(./......:r.9.*....b)..../..E..+T.(..jV..N..u.4..5........Y.....ef.N.W.b.....+..f...~..tej...p.t....>.mf...R....^.H...9).2.C..$.@...M.C.+.NuL.v..+..T.p.P.<.Uj.V.. u.eSi..V1.A_...;3mMs....g..8..)..u:eZ...jZ.tG......m.:-..Ed.t......rN..W...0..;.W".....:.0.B.:....J...Z...)...k..t..g..~R$1..R...R)....iR.s(...vSo....."r.K.U+...6.Z..-.)..G..h2KmN.G...Ty..C._)....4.M,.Z..OO..ju.=.N.Lf.J.z.;.V....BiL..i...'.Y.~.U*.B...\-S:M6.0..,...V.Z..v.|..L.O#.K.ZI^.t,3K.ZeT...4..V./..U....7........C(t.=f.q..it..r.=..e.+..r...I..%A...V.=Nw~../..]..4.X.rK.*iV.R.`......Z;6..B;..").|.6.m.M)T;L6.Z..op.mf.L.]..J.....R.Q.T.E..au.]N.m.Vk.j.J.T.G=..mB.H.......]..j.:...X.Jb. .r}H..-t..h..............y.......N.6.Hk.pen.6....rc..Mj.-.j....)SJ..>..k5.L..E.....cV.Ra
                                                                        Process:C:\Users\user\Desktop\rTTSWIFTCOPIES.exe
                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):178198
                                                                        Entropy (8bit):3.1748308159293988
                                                                        Encrypted:false
                                                                        SSDEEP:48:sb3feqfCpfS6ftqfA0f9fWf9fZ1fi20fq0fFfY6fofi51fK0fi0fCfZ1fK0f70fn:iaNibHCIL8aDfoQ7CA4iomCk/sqoHklX
                                                                        MD5:F864506EF1A880357FB988B5AC81E9FC
                                                                        SHA1:54FED57A0E64FFCA08D831B2068DB71165BD116D
                                                                        SHA-256:F47C2996D193C38FAD1DA7C4643DF5D3FCB6744D35029BA34275D947359045EA
                                                                        SHA-512:4E7A3CF1C76404BE5D8DD93B5EA458800BAA6A23CCF27030845D9B1D433716A6D8B19FB400D6E7CDBC5DB0814B4ABADB77E2B51E7314DDF3BB10652057FEC361
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:hixjs0hixjsxhixjs5hixjs5hixjs8hixjsbhixjsehixjschixjs8hixjs1hixjsehixjschixjschixjschixjs0hixjs2hixjs0hixjs0hixjs0hixjs0hixjs5hixjs6hixjs5hixjs7hixjsbhixjs8hixjs6hixjsbhixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjs5hixjs8hixjs4hixjsbhixjs9hixjs6hixjs5hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjsdhixjs8hixjs6hixjsbhixjsahixjs7hixjs2hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs5hixjs5hixjs8hixjs8hixjsbhixjs8hixjs6hixjsehixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjs5hixjs8hixjsahixjsbhixjs9hixjs6hixjs5hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjsdhixjs8hixjschixjsbhixjsahixjs6hixjschixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs5hixjs5hixjs8hixjsehixjsbhixjs8hixjs3hixjs3hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjs5hixjs9hixjs0hixjsbhixjs9hixjs3hixjs2hixjs0hixjs0hixjs0hixjs0hixjs0hixjs0hixjs6hixjs6hixjs8hixjs9hixjs4hixjsdhixj
                                                                        Process:C:\Users\user\Desktop\rTTSWIFTCOPIES.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):93696
                                                                        Entropy (8bit):6.866350727942454
                                                                        Encrypted:false
                                                                        SSDEEP:1536:pPuC55XGlWL2z/HDiKScvmnoAyBv8aZqRCewQQ7CnI2wmRmgLTZQZM/aGCuC:luCfXGlWy/HDiKSHoAyBv/ZqRXdIlZe+
                                                                        MD5:DD3D6F6D736B1CA86B583D5570C22E29
                                                                        SHA1:7FFA46D10AF979C6228933D5A4988373A63924DC
                                                                        SHA-256:4CA793F9495DC55CC8F4123E472191990401D6E44CCD306A315893E119C59911
                                                                        SHA-512:2691B9BBB7C62C56260B052C52E61EBE9126B53E43CF467EA3D65EB430E0653CF80548ADF24676A88E390385EE85C3264892F80700E115A6B4519E7C914AADAE
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:...J7R4LGAAY..US.MYXLR85.X4ZHMZMJ4R4LCAAYZKUSEMYXLR85TX4ZHMZ.J4R:S.OA.S.t.D..y.:QFt(F5/?; jW3Z",5a;?k'&+m06l.wft5[>-cW@@.R4LCAAY..US.LZX....TX4ZHMZM.4P5GB.AY>JUSMMYXLR8+.Y4ZhMZM.5R4L.AAyZKUQEM]XLR85TX2ZHMZMJ4R.MCACYZKUSEOY8.R8%TX$ZHMZ]J4B4LCAAYJKUSEMYXLR85..5Z.MZMJ.S4.FAAYZKUSEMYXLR85TX4Z.LZAJ4R4LCAAYZKUSEMYXLR85TX4ZHMZMJ4R4LCAAYZKUSEMYXLR85TX.ZHEZMJ4R4LCAAYRkUS.MYXLR85TX4Zf9?5>4R4h!@AYzKUS!LYXNR85TX4ZHMZMJ4R.LC!o+)96SEM.]LR8.UX4\HMZ+K4R4LCAAYZKUSE.YX.|JP87WZHAZMJ4.5LCCAYZ'TSEMYXLR85TX4Z.MZ.J4R4LCAAYZKUSEMYX.S85TX4.HMZOJ1Rp.CA..ZKVSEM.XLT..TX.ZHMZMJ4R4LCAAYZKUSEMYXLR85TX4ZHMZMJ4R4LCAAY.6.\...1?..5TX4ZHLXNN2Z<LCAAYZKU-EMY.LR8uTX4mHMZhJ4RYLCAeYZK+SEM'XLR\5TXFZHM;MJ4.4LC.AYZ%USE3YXLL:.KX4PbkZOb.R4FCk.*{KUY.LYXH!.5TR.XHM^>i4R>.@AA])oUSO.]XLVK.TX>.MMZI`nR7.UGAYA$mSEGY[.G>5TC.|HOrtJ4X4feAB.OMUS^g{XN.15T\..;PZML..4LI5HYZI.YEM]rRP.vTX>pj3IMJ0y4fa?UYZO~Soo'MLR<.Tr.$^MZIa4x.2TAA]qK.Uo/Y*.^8EW7UZHKr.J4X..CAGYpqU-KMY\N=.5TR.prMr.J4T4d.AA_Za.S;~YXH~?KgX4^c[$|J4V.J;AA_).USOh.kLR<..X4PHg.MbmR4JCi.YZM
                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Entropy (8bit):6.8216521770078185
                                                                        TrID:
                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:rTTSWIFTCOPIES.exe
                                                                        File size:1'029'120 bytes
                                                                        MD5:1c3f7140d38d7320a7ec488d5dfae288
                                                                        SHA1:c3b46b92999239b04863b7c3f90f2f2eaa6db2ec
                                                                        SHA256:0aa158cfa64154a3887768fdcd2a157ead2f1e46e3a54c0820fbb32676b060f8
                                                                        SHA512:2b23566e8ea3c00ef9c9d7c951d012158f428ced75b53095c011c167428ecd0e7504ffaf2838d7ad59aa85d8b9dad8ef7d571a8f5c4dbb2090494f6354a4998f
                                                                        SSDEEP:24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aDJFqgIjeI:CTvC/MTQYxsWR7aD9
                                                                        TLSH:0225AF0273D1D062FFAB92334B5AF6115BBC69260123E62F13981D79BE701B1563E7A3
                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                        Icon Hash:aaf3e3e3938382a0
                                                                        Entrypoint:0x420577
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x6768A40A [Sun Dec 22 23:43:06 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:5
                                                                        OS Version Minor:1
                                                                        File Version Major:5
                                                                        File Version Minor:1
                                                                        Subsystem Version Major:5
                                                                        Subsystem Version Minor:1
                                                                        Import Hash:948cc502fe9226992dce9417f952fce3
                                                                        Instruction
                                                                        call 00007F0548C3CC93h
                                                                        jmp 00007F0548C3C59Fh
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        push esi
                                                                        push dword ptr [ebp+08h]
                                                                        mov esi, ecx
                                                                        call 00007F0548C3C77Dh
                                                                        mov dword ptr [esi], 0049FDF0h
                                                                        mov eax, esi
                                                                        pop esi
                                                                        pop ebp
                                                                        retn 0004h
                                                                        and dword ptr [ecx+04h], 00000000h
                                                                        mov eax, ecx
                                                                        and dword ptr [ecx+08h], 00000000h
                                                                        mov dword ptr [ecx+04h], 0049FDF8h
                                                                        mov dword ptr [ecx], 0049FDF0h
                                                                        ret
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        push esi
                                                                        push dword ptr [ebp+08h]
                                                                        mov esi, ecx
                                                                        call 00007F0548C3C74Ah
                                                                        mov dword ptr [esi], 0049FE0Ch
                                                                        mov eax, esi
                                                                        pop esi
                                                                        pop ebp
                                                                        retn 0004h
                                                                        and dword ptr [ecx+04h], 00000000h
                                                                        mov eax, ecx
                                                                        and dword ptr [ecx+08h], 00000000h
                                                                        mov dword ptr [ecx+04h], 0049FE14h
                                                                        mov dword ptr [ecx], 0049FE0Ch
                                                                        ret
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        push esi
                                                                        mov esi, ecx
                                                                        lea eax, dword ptr [esi+04h]
                                                                        mov dword ptr [esi], 0049FDD0h
                                                                        and dword ptr [eax], 00000000h
                                                                        and dword ptr [eax+04h], 00000000h
                                                                        push eax
                                                                        mov eax, dword ptr [ebp+08h]
                                                                        add eax, 04h
                                                                        push eax
                                                                        call 00007F0548C3F33Dh
                                                                        pop ecx
                                                                        pop ecx
                                                                        mov eax, esi
                                                                        pop esi
                                                                        pop ebp
                                                                        retn 0004h
                                                                        lea eax, dword ptr [ecx+04h]
                                                                        mov dword ptr [ecx], 0049FDD0h
                                                                        push eax
                                                                        call 00007F0548C3F388h
                                                                        pop ecx
                                                                        ret
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        push esi
                                                                        mov esi, ecx
                                                                        lea eax, dword ptr [esi+04h]
                                                                        mov dword ptr [esi], 0049FDD0h
                                                                        push eax
                                                                        call 00007F0548C3F371h
                                                                        test byte ptr [ebp+08h], 00000001h
                                                                        pop ecx
                                                                        Programming Language:
                                                                        • [ C ] VS2008 SP1 build 30729
                                                                        • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x249ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf9000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x249ac | 0x24a00 | 684148a3cc995c8f86f39add245c2287 | False | 0.8210724189419796 | data | 7.597817091337454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xf9000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0x1bc72 | data | | | 1.0003603508586898 |
| RT_GROUP_ICON | 0xf842c | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xf84a4 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xf84b8 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xf84cc | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xf84e0 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xf85bc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T10:32:04.287380+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 10:32:01.957524061 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:32:02.078016043 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Dec 23, 2024 10:32:02.078116894 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:32:02.078608990 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:32:02.198934078 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Dec 23, 2024 10:32:03.907847881 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Dec 23, 2024 10:32:03.912847996 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:32:04.032613039 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Dec 23, 2024 10:32:04.232778072 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Dec 23, 2024 10:32:04.287379980 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:32:04.839066029 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:04.839129925 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:04.839231968 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:04.846179008 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:04.846196890 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.063637972 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.063760996 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:06.069319010 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:06.069329023 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.069612026 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.115545988 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:06.181066036 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:06.227371931 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.511121988 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.511183977 CET | 443 | 49705 | 172.67.177.134 | 192.168.2.5
Dec 23, 2024 10:32:06.511241913 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:32:06.519335032 CET | 49705 | 443 | 192.168.2.5 | 172.67.177.134
Dec 23, 2024 10:33:09.364481926 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Dec 23, 2024 10:33:09.364603043 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:33:44.241507053 CET | 49704 | 80 | 192.168.2.5 | 193.122.130.0
Dec 23, 2024 10:33:44.360940933 CET | 80 | 49704 | 193.122.130.0 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 10:32:01.812967062 CET | 65175 | 53 | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 10:32:01.950671911 CET | 53 | 65175 | 1.1.1.1 | 192.168.2.5
Dec 23, 2024 10:32:04.234869957 CET | 65141 | 53 | 192.168.2.5 | 1.1.1.1
Dec 23, 2024 10:32:04.838179111 CET | 53 | 65141 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 10:32:01.812967062 CET | 192.168.2.5 | 1.1.1.1 | 0xed48 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:04.234869957 CET | 192.168.2.5 | 1.1.1.1 | 0xae3c | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 10:32:01.950671911 CET | 1.1.1.1 | 192.168.2.5 | 0xed48 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 10:32:01.950671911 CET | 1.1.1.1 | 192.168.2.5 | 0xed48 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:01.950671911 CET | 1.1.1.1 | 192.168.2.5 | 0xed48 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:01.950671911 CET | 1.1.1.1 | 192.168.2.5 | 0xed48 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:01.950671911 CET | 1.1.1.1 | 192.168.2.5 | 0xed48 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:01.950671911 CET | 1.1.1.1 | 192.168.2.5 | 0xed48 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:04.838179111 CET | 1.1.1.1 | 192.168.2.5 | 0xae3c | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 10:32:04.838179111 CET | 1.1.1.1 | 192.168.2.5 | 0xae3c | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false

• reallyfreegeoip.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | 6632 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 10:32:02.078608990 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 23, 2024 10:32:03.907847881 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 09:32:03 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6a1ecd0b6dcfee6d8eee15bc0c20ec54
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 23, 2024 10:32:03.912847996 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Dec 23, 2024 10:32:04.232778072 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 09:32:04 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 366b5eb339150c63d9976951e90c28f8
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 172.67.177.134 | 443 | 6632 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 09:32:06 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-12-23 09:32:06 UTC | 860 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 09:32:06 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 261115
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oDE2qX%2FGhcFjZHUlLcyzEQGi88Dqd%2FdoumFxdgLWOcKw34n4C2nt5MZcTQ%2Fj3oABN%2FKBhicxTrlPpcXsMiugW7jEEzbB5v8gH7%2FjlZO7f6PiSEpxNLMyUe7%2FlvoOkheFyjrLbPjS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6757abaa53333c-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1870&min_rtt=1862&rtt_var=715&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1512953&cwnd=229&unsent_bytes=0&cid=a44960e194d7e31f&ts=459&x=0"
2024-12-23 09:32:06 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Target ID: 0
Start time: 04:31:57
Start date: 23/12/2024
Path: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"
Imagebase: 0xaa0000
File size: 1'029'120 bytes
MD5 hash: 1C3F7140D38D7320A7EC488D5DFAE288
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.2067890263.0000000004030000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
Reputation: low
Has exited: true

Target ID: 2
Start time: 04:32:00
Start date: 23/12/2024
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\rTTSWIFTCOPIES.exe"
Imagebase: 0xa60000
File size: 45'984 bytes
MD5 hash: 9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3278104598.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.3277255223.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation: high
Has exited: false


                                                                          Execution Graph

                                                                          Execution Coverage:3.4%
                                                                          Dynamic/Decrypted Code Coverage:0.4%
                                                                          Signature Coverage:2.8%
                                                                          Total number of Nodes:2000
                                                                          Total number of Limit Nodes:56
                                                                          execution_graph: [interactive call-graph data, not rendered here. Nodes are function addresses inside the sample's image (e.g. aa1cad, 179f650, ae2c2b) joined by caller->callee edges; several nodes are annotated with the number of API calls reached through them ("22 API calls", "256 API calls") or with CRT helper names such as __fread_nolock, __wsopen_s, __dosmaperr, _wcslen and ___scrt_fastfail. Named Windows API calls appearing in the graph include: SystemParametersInfoW, Sleep, GetOpenFileNameW, GetLongPathNameW, GetFullPathNameW, RaiseException, RtlAllocateHeap, RtlFreeHeap, GetLastError, LoadLibraryA, LoadLibraryExW, GetProcAddress, FreeLibrary, CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource, LockResource, EnterCriticalSection, LeaveCriticalSection, GetConsoleMode, ReadFile, ReadConsoleW, GetModuleFileNameW, GetForegroundWindow, ShellExecuteW, SetCurrentDirectoryW, Shell_NotifyIconW, CreateWindowExW, ShowWindow, DestroyIcon, LoadStringW, GetStdHandle, OleInitialize, InitializeCriticalSectionAndSpinCount, InterlockedExchange, GetCurrentProcess, DuplicateHandle, CreateThread, CloseHandle, RegisterWindowMessageW, SetEvent, ResetEvent, WaitForSingleObjectEx, WaitForSingleObject, PeekMessageW, GetInputState, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, timeGetTime, GetExitCodeProcess, QueryPerformanceCounter, QueryPerformanceFrequency, IsDialogMessageW and GetClassLongW. One node is labelled GetPEB.]
97792->97632 97793->97632 97794->97632 97795->97632 97796->97632 97797->97632 98022 aa9c6e 97798->98022 97801 abfddb 22 API calls 97803 abf02b 97801->97803 97805 abfe0b 22 API calls 97803->97805 97804 aff0a8 97807 abf0a4 97804->97807 98115 b19caa 39 API calls 97804->98115 97806 abf03c 97805->97806 98060 aa6246 97806->98060 97814 abf0b1 97807->97814 98055 aab567 97807->98055 97811 aff10a 97811->97814 97815 aff112 97811->97815 97812 aaa961 22 API calls 97813 abf04f 97812->97813 97816 aa6246 CloseHandle 97813->97816 98036 abfa5b 97814->98036 97818 aab567 39 API calls 97815->97818 97819 abf056 97816->97819 97823 abf0b8 97818->97823 98064 aa7510 97819->98064 97822 aa6246 CloseHandle 97824 abf06c 97822->97824 97825 aff127 97823->97825 97826 abf0d3 97823->97826 98087 aa5745 97824->98087 97829 abfe0b 22 API calls 97825->97829 97828 aa6270 22 API calls 97826->97828 97831 abf0db 97828->97831 97832 aff12c 97829->97832 98041 abf141 97831->98041 97836 aff140 97832->97836 98116 abf866 ReadFile SetFilePointerEx 97832->98116 97833 abf085 98095 aa53de 97833->98095 97834 aff0a0 98114 aa6216 CloseHandle messages 97834->98114 97844 aff144 __fread_nolock 97836->97844 98117 b10e85 22 API calls ___scrt_fastfail 97836->98117 97839 abf0ea 97839->97844 98111 aa62b5 22 API calls 97839->98111 97843 abf093 98110 aa53c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97843->98110 97846 abf0fe 97847 abf138 97846->97847 97850 aa6246 CloseHandle 97846->97850 97847->97680 97848 aff069 98113 b0ccff SetFilePointerEx SetFilePointerEx SetFilePointerEx WriteFile 97848->98113 97849 abf09a 97849->97807 97849->97848 97851 abf12c 97850->97851 97851->97847 98112 aa6216 CloseHandle messages 97851->98112 97853 aff080 97853->97807 97856 aa7510 53 API calls 97855->97856 97857 b1f126 97856->97857 98174 aa9e90 97857->98174 97859 b1f136 97860 b1f15b 97859->97860 97861 aaec40 256 API calls 97859->97861 97862 aa9c6e 22 API calls 97860->97862 97863 b1f15f 97860->97863 97861->97860 97862->97863 97863->97680 97865 
b17469 97864->97865 97866 b17474 97864->97866 97867 aab567 39 API calls 97865->97867 97869 aaa961 22 API calls 97866->97869 97901 b17554 97866->97901 97867->97866 97868 abfddb 22 API calls 97870 b17587 97868->97870 97871 b17495 97869->97871 97872 abfe0b 22 API calls 97870->97872 97874 aaa961 22 API calls 97871->97874 97873 b17598 97872->97873 97875 aa6246 CloseHandle 97873->97875 97876 b1749e 97874->97876 97877 b175a3 97875->97877 97878 aa7510 53 API calls 97876->97878 97879 aaa961 22 API calls 97877->97879 97880 b174aa 97878->97880 97881 b175ab 97879->97881 98209 aa525f 97880->98209 97884 aa6246 CloseHandle 97881->97884 97883 b174bf 97885 aa6350 22 API calls 97883->97885 97886 b175b2 97884->97886 97887 b174f2 97885->97887 97888 aa7510 53 API calls 97886->97888 97889 b1754a 97887->97889 97891 b0d4ce 4 API calls 97887->97891 97890 b175be 97888->97890 97893 aab567 39 API calls 97889->97893 97892 aa6246 CloseHandle 97890->97892 97894 b17502 97891->97894 97895 b175c8 97892->97895 97893->97901 97894->97889 97896 b17506 97894->97896 97898 aa5745 5 API calls 97895->97898 97897 aa9cb3 22 API calls 97896->97897 97899 b17513 97897->97899 97900 b175e2 97898->97900 98251 b0d2c1 26 API calls 97899->98251 97903 b175ea 97900->97903 97904 b176de GetLastError 97900->97904 97901->97868 97919 b176a4 97901->97919 97907 aa53de 27 API calls 97903->97907 97905 b176f7 97904->97905 98255 aa6216 CloseHandle messages 97905->98255 97906 b1751c 97906->97889 97909 b175f8 97907->97909 98252 aa53c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97909->98252 97911 b17645 97912 abfddb 22 API calls 97911->97912 97915 b17679 97912->97915 97913 b175ff 97913->97911 97914 b17619 97913->97914 98253 b0ccff SetFilePointerEx SetFilePointerEx SetFilePointerEx WriteFile 97914->98253 97916 aaa961 22 API calls 97915->97916 97918 b17686 97916->97918 97918->97919 98254 b0417d 22 API calls __fread_nolock 97918->98254 97919->97680 98274 b0dbbe lstrlenW 97921->98274 98279 b27f59 97924->98279 97926 b295af 
97926->97680 97928 aaa961 22 API calls 97927->97928 97929 b16f1d 97928->97929 97930 aaa961 22 API calls 97929->97930 97931 b16f26 97930->97931 97932 b16f3a 97931->97932 97933 aab567 39 API calls 97931->97933 97934 aa7510 53 API calls 97932->97934 97933->97932 97940 b16f57 _wcslen 97934->97940 97935 b16fbc 97937 aa7510 53 API calls 97935->97937 97936 b170bf 97938 aa4ecb 94 API calls 97936->97938 97941 b16fc8 97937->97941 97939 b170d0 97938->97939 97942 b170e5 97939->97942 97943 aa4ecb 94 API calls 97939->97943 97940->97935 97940->97936 97949 b170e9 97940->97949 97945 aaa8c7 22 API calls 97941->97945 97948 b16fdb 97941->97948 97944 aaa961 22 API calls 97942->97944 97942->97949 97943->97942 97946 b1711a 97944->97946 97945->97948 97950 aaa961 22 API calls 97946->97950 97947 b17027 97952 aa7510 53 API calls 97947->97952 97948->97947 97951 b17005 97948->97951 97954 aaa8c7 22 API calls 97948->97954 97949->97680 97953 b17126 97950->97953 97955 aa33c6 22 API calls 97951->97955 97956 b17034 97952->97956 97957 aaa961 22 API calls 97953->97957 97954->97951 97958 b1700f 97955->97958 97959 b17047 97956->97959 97960 b1703d 97956->97960 97961 b1712f 97957->97961 97963 aa7510 53 API calls 97958->97963 98480 b0e199 GetFileAttributesW 97959->98480 97964 aaa8c7 22 API calls 97960->97964 97962 aaa961 22 API calls 97961->97962 97967 b17138 97962->97967 97968 b1701b 97963->97968 97964->97959 97966 b17050 97969 b17063 97966->97969 97972 aa4c6d 22 API calls 97966->97972 97970 aa7510 53 API calls 97967->97970 97971 aa6350 22 API calls 97968->97971 97974 aa7510 53 API calls 97969->97974 97980 b17069 97969->97980 97973 b17145 97970->97973 97971->97947 97972->97969 97975 aa525f 22 API calls 97973->97975 97976 b170a0 97974->97976 97977 b17166 97975->97977 98481 b0d076 57 API calls 97976->98481 97979 aa4c6d 22 API calls 97977->97979 97981 b17175 97979->97981 97980->97949 97982 b171a9 97981->97982 97984 aa4c6d 22 API calls 97981->97984 97983 aaa8c7 22 API calls 97982->97983 97985 b171ba 
97983->97985 97986 b17186 97984->97986 97987 aa6350 22 API calls 97985->97987 97986->97982 97989 aa6b57 22 API calls 97986->97989 97988 b171c8 97987->97988 97990 aa6350 22 API calls 97988->97990 97991 b1719b 97989->97991 97992 b171d6 97990->97992 97993 aa6b57 22 API calls 97991->97993 97994 aa6350 22 API calls 97992->97994 97993->97982 97995 b171e4 97994->97995 97996 aa7510 53 API calls 97995->97996 97997 b171f0 97996->97997 98371 b0d7bc 97997->98371 97999 b17201 98000 b0d4ce 4 API calls 97999->98000 98001 b1720b 98000->98001 98002 aa7510 53 API calls 98001->98002 98006 b17239 98001->98006 98003 b17229 98002->98003 98425 b12947 98003->98425 98005 aa4f39 68 API calls 98005->97949 98006->98005 98008 b27f59 120 API calls 98007->98008 98009 b2959b 98008->98009 98009->97680 98010->97678 98011->97647 98012->97649 98013->97659 98014->97671 98015->97671 98016->97645 98017->97680 98018->97680 98019->97680 98020->97684 98021->97680 98023 aa9c7e 98022->98023 98024 aef545 98022->98024 98029 abfddb 22 API calls 98023->98029 98025 aef556 98024->98025 98027 aa6b57 22 API calls 98024->98027 98026 aaa6c3 22 API calls 98025->98026 98028 aef560 98026->98028 98027->98025 98028->98028 98030 aa9c91 98029->98030 98031 aa9c9a 98030->98031 98032 aa9cac 98030->98032 98033 aa9cb3 22 API calls 98031->98033 98034 aaa961 22 API calls 98032->98034 98035 aa9ca2 98033->98035 98034->98035 98035->97801 98035->97804 98118 aa54c6 98036->98118 98039 aa54c6 3 API calls 98040 abfa9a 98039->98040 98040->97823 98042 abf188 98041->98042 98043 abf14c 98041->98043 98044 aaa6c3 22 API calls 98042->98044 98043->98042 98046 abf15b 98043->98046 98051 b0caeb 98044->98051 98045 abf170 98124 abf18e 98045->98124 98046->98045 98047 abf17d 98046->98047 98131 b0cbf2 26 API calls 98047->98131 98049 b0cb1a 98049->97839 98051->98049 98132 b0ca89 ReadFile SetFilePointerEx 98051->98132 98133 aa49bd 22 API calls __fread_nolock 98051->98133 98052 abf179 98052->97839 98056 aab578 98055->98056 98057 aab57f 98055->98057 
98056->98057 98169 ac62d1 39 API calls _strftime 98056->98169 98057->97811 98059 aab5c2 98059->97811 98061 aa625f 98060->98061 98062 aa6250 98060->98062 98061->98062 98063 aa6264 CloseHandle 98061->98063 98062->97812 98063->98062 98065 aa7525 98064->98065 98080 aa7522 98064->98080 98066 aa755b 98065->98066 98067 aa752d 98065->98067 98068 ae50f6 98066->98068 98070 ae500f 98066->98070 98071 aa756d 98066->98071 98170 ac51c6 26 API calls 98067->98170 98173 ac5183 26 API calls 98068->98173 98081 abfe0b 22 API calls 98070->98081 98086 ae5088 98070->98086 98171 abfb21 51 API calls 98071->98171 98072 aa753d 98077 abfddb 22 API calls 98072->98077 98075 ae510e 98075->98075 98078 aa7547 98077->98078 98079 aa9cb3 22 API calls 98078->98079 98079->98080 98080->97822 98082 ae5058 98081->98082 98083 abfddb 22 API calls 98082->98083 98084 ae507f 98083->98084 98085 aa9cb3 22 API calls 98084->98085 98085->98086 98172 abfb21 51 API calls 98086->98172 98088 aa575c CreateFileW 98087->98088 98089 ae4035 98087->98089 98091 aa577b 98088->98091 98090 ae403b CreateFileW 98089->98090 98089->98091 98090->98091 98092 ae4063 98090->98092 98091->97833 98091->97834 98093 aa54c6 3 API calls 98092->98093 98094 ae406e 98093->98094 98094->98091 98096 aa53f3 98095->98096 98109 aa53f0 messages 98095->98109 98097 aa54c6 3 API calls 98096->98097 98096->98109 98098 aa5410 98097->98098 98099 ae3f4b 98098->98099 98100 aa541d 98098->98100 98102 abfa5b 3 API calls 98099->98102 98101 abfe0b 22 API calls 98100->98101 98103 aa5429 98101->98103 98102->98109 98104 aa5722 22 API calls 98103->98104 98105 aa5433 98104->98105 98106 aa9a40 2 API calls 98105->98106 98107 aa543f 98106->98107 98108 aa54c6 3 API calls 98107->98108 98108->98109 98109->97843 98110->97849 98111->97846 98112->97847 98113->97853 98114->97804 98115->97804 98116->97836 98117->97844 98123 aa54dd 98118->98123 98119 ae3f9c SetFilePointerEx 98120 aa5564 SetFilePointerEx SetFilePointerEx 98121 aa5530 98120->98121 98121->98039 98122 ae3f8b 98122->98119 
98123->98119 98123->98120 98123->98121 98123->98122 98134 abf1d8 98124->98134 98130 abf1c1 98130->98052 98131->98052 98132->98051 98133->98051 98135 abfe0b 22 API calls 98134->98135 98136 abf1ef 98135->98136 98137 abfddb 22 API calls 98136->98137 98138 abf1a6 98137->98138 98139 aa97b6 98138->98139 98153 aa9a1e 98139->98153 98142 aa97fc 98142->98130 98145 aa6e14 MultiByteToWideChar 98142->98145 98144 aa97c7 98144->98142 98160 aa9a40 98144->98160 98166 aa9b01 22 API calls __fread_nolock 98144->98166 98146 aa6e40 98145->98146 98147 aa6e87 98145->98147 98149 abfe0b 22 API calls 98146->98149 98148 aaa6c3 22 API calls 98147->98148 98150 aa6e7b 98148->98150 98151 aa6e55 MultiByteToWideChar 98149->98151 98150->98130 98168 aa6e90 22 API calls __fread_nolock 98151->98168 98154 aa9a2f 98153->98154 98155 aef378 98153->98155 98154->98144 98156 abfddb 22 API calls 98155->98156 98157 aef382 98156->98157 98158 abfe0b 22 API calls 98157->98158 98159 aef397 98158->98159 98161 aa9abb 98160->98161 98165 aa9a4e 98160->98165 98167 abe40f SetFilePointerEx 98161->98167 98162 aa9a7c 98162->98144 98164 aa9a8c ReadFile 98164->98162 98164->98165 98165->98162 98165->98164 98166->98144 98167->98165 98168->98150 98169->98059 98170->98072 98171->98072 98172->98068 98173->98075 98175 aa6270 22 API calls 98174->98175 98200 aa9eb5 98175->98200 98176 aa9fd2 98177 aaa4a1 22 API calls 98176->98177 98178 aa9fec 98177->98178 98178->97859 98181 aef7c4 98207 b096e2 84 API calls __wsopen_s 98181->98207 98182 aef699 98189 abfddb 22 API calls 98182->98189 98183 aaa6c3 22 API calls 98183->98200 98184 aaa405 98184->98178 98208 b096e2 84 API calls __wsopen_s 98184->98208 98188 aef7d2 98190 aaa4a1 22 API calls 98188->98190 98191 aef754 98189->98191 98192 aef7e8 98190->98192 98193 abfe0b 22 API calls 98191->98193 98192->98178 98194 aaa12c __fread_nolock 98193->98194 98194->98181 98194->98184 98196 aaa587 22 API calls 98196->98200 98197 aaaec9 22 API calls 98198 aaa0db CharUpperBuffW 98197->98198 98203 aaa673 22 
API calls 98198->98203 98200->98176 98200->98181 98200->98182 98200->98183 98200->98184 98200->98194 98200->98196 98200->98197 98201 aaa4a1 22 API calls 98200->98201 98202 aa4573 41 API calls _wcslen 98200->98202 98204 aa48c8 23 API calls 98200->98204 98205 aa49bd 22 API calls __fread_nolock 98200->98205 98206 aaa673 22 API calls 98200->98206 98201->98200 98202->98200 98203->98200 98204->98200 98205->98200 98206->98200 98207->98188 98208->98178 98210 aaa961 22 API calls 98209->98210 98211 aa5275 98210->98211 98212 aaa961 22 API calls 98211->98212 98213 aa527d 98212->98213 98214 aaa961 22 API calls 98213->98214 98215 aa5285 98214->98215 98216 aaa961 22 API calls 98215->98216 98217 aa528d 98216->98217 98218 ae3df5 98217->98218 98219 aa52c1 98217->98219 98220 aaa8c7 22 API calls 98218->98220 98221 aa6d25 22 API calls 98219->98221 98223 ae3dfe 98220->98223 98222 aa52cf 98221->98222 98224 aa93b2 22 API calls 98222->98224 98225 aaa6c3 22 API calls 98223->98225 98226 aa52d9 98224->98226 98227 aa5304 98225->98227 98226->98227 98228 aa6d25 22 API calls 98226->98228 98229 aa5349 98227->98229 98230 aa5325 98227->98230 98235 ae3e20 98227->98235 98232 aa52fa 98228->98232 98256 aa6d25 98229->98256 98230->98229 98269 aa4c6d 98230->98269 98234 aa93b2 22 API calls 98232->98234 98233 aa535a 98236 aa5370 98233->98236 98242 aaa8c7 22 API calls 98233->98242 98234->98227 98239 aa6b57 22 API calls 98235->98239 98240 aa5384 98236->98240 98245 aaa8c7 22 API calls 98236->98245 98241 ae3ee0 98239->98241 98243 aa538f 98240->98243 98246 aaa8c7 22 API calls 98240->98246 98241->98229 98248 aa4c6d 22 API calls 98241->98248 98272 aa49bd 22 API calls __fread_nolock 98241->98272 98242->98236 98247 aaa8c7 22 API calls 98243->98247 98250 aa539a 98243->98250 98244 aa6d25 22 API calls 98244->98229 98245->98240 98246->98243 98247->98250 98248->98241 98250->97883 98251->97906 98252->97913 98253->97911 98254->97919 98255->97919 98257 aa6d91 98256->98257 98258 aa6d34 98256->98258 98259 aa93b2 22 API calls 
98257->98259 98258->98257 98260 aa6d3f 98258->98260 98266 aa6d62 __fread_nolock 98259->98266 98261 aa6d5a 98260->98261 98262 ae4c9d 98260->98262 98273 aa6f34 22 API calls 98261->98273 98263 abfddb 22 API calls 98262->98263 98265 ae4ca7 98263->98265 98267 abfe0b 22 API calls 98265->98267 98266->98233 98268 ae4cda 98267->98268 98270 aaaec9 22 API calls 98269->98270 98271 aa4c78 98270->98271 98271->98229 98271->98244 98272->98241 98273->98266 98275 b0dbdc GetFileAttributesW 98274->98275 98277 b0d4d5 98274->98277 98276 b0dbe8 FindFirstFileW 98275->98276 98275->98277 98276->98277 98278 b0dbf9 FindClose 98276->98278 98277->97680 98278->98277 98280 aa7510 53 API calls 98279->98280 98281 b27f90 98280->98281 98303 b27fd5 messages 98281->98303 98317 b28cd3 98281->98317 98283 b28281 98284 b2844f 98283->98284 98288 b2828f 98283->98288 98358 b28ee4 60 API calls 98284->98358 98287 b2845e 98287->98288 98289 b2846a 98287->98289 98330 b27e86 98288->98330 98289->98303 98290 aa7510 53 API calls 98308 b28049 98290->98308 98295 b282c8 98345 abfc70 98295->98345 98298 b28302 98352 aa63eb 22 API calls 98298->98352 98299 b282e8 98351 b1359c 82 API calls __wsopen_s 98299->98351 98302 b28311 98353 aa6a50 22 API calls 98302->98353 98303->97926 98304 b282f3 GetCurrentProcess TerminateProcess 98304->98298 98306 b2832a 98316 b28352 98306->98316 98354 ab04f0 22 API calls 98306->98354 98308->98283 98308->98290 98308->98303 98349 b0417d 22 API calls __fread_nolock 98308->98349 98350 b2851d 42 API calls _strftime 98308->98350 98309 b284c5 98309->98303 98311 b284d9 FreeLibrary 98309->98311 98310 b28341 98355 b28b7b 75 API calls 98310->98355 98311->98303 98316->98309 98356 ab04f0 22 API calls 98316->98356 98357 aaaceb 23 API calls messages 98316->98357 98359 b28b7b 75 API calls 98316->98359 98318 aaaec9 22 API calls 98317->98318 98319 b28cee CharLowerBuffW 98318->98319 98360 b08e54 98319->98360 98323 aaa961 22 API calls 98324 b28d2a 98323->98324 98325 aa6d25 22 API calls 98324->98325 98326 b28d3e 
98325->98326 98327 aa93b2 22 API calls 98326->98327 98328 b28d48 _wcslen 98327->98328 98329 b28e5e _wcslen 98328->98329 98367 b2851d 42 API calls _strftime 98328->98367 98329->98308 98331 b27ea1 98330->98331 98332 b27eec 98330->98332 98333 abfe0b 22 API calls 98331->98333 98336 b29096 98332->98336 98334 b27ec3 98333->98334 98334->98332 98335 abfddb 22 API calls 98334->98335 98335->98334 98337 b292ab messages 98336->98337 98344 b290ba _strcat _wcslen 98336->98344 98337->98295 98338 aab6b5 39 API calls 98338->98344 98339 aab567 39 API calls 98339->98344 98340 aab38f 39 API calls 98340->98344 98341 aa7510 53 API calls 98341->98344 98342 acea0c 21 API calls ___std_exception_copy 98342->98344 98344->98337 98344->98338 98344->98339 98344->98340 98344->98341 98344->98342 98370 b0efae 24 API calls _wcslen 98344->98370 98347 abfc85 98345->98347 98346 abfd1d VirtualProtect 98348 abfceb 98346->98348 98347->98346 98347->98348 98348->98298 98348->98299 98349->98308 98350->98308 98351->98304 98352->98302 98353->98306 98354->98310 98355->98316 98356->98316 98357->98316 98358->98287 98359->98316 98361 b08e74 _wcslen 98360->98361 98362 b08f63 98361->98362 98365 b08ea9 98361->98365 98366 b08f68 98361->98366 98362->98323 98362->98328 98365->98362 98368 abce60 41 API calls 98365->98368 98366->98362 98369 abce60 41 API calls 98366->98369 98367->98329 98368->98365 98369->98366 98370->98344 98372 b0d7d8 98371->98372 98373 b0d7f3 98372->98373 98374 b0d7dd 98372->98374 98375 aaa961 22 API calls 98373->98375 98377 aaa8c7 22 API calls 98374->98377 98424 b0d7ee 98374->98424 98376 b0d7fb 98375->98376 98378 aaa961 22 API calls 98376->98378 98377->98424 98379 b0d803 98378->98379 98380 aaa961 22 API calls 98379->98380 98381 b0d80e 98380->98381 98382 aaa961 22 API calls 98381->98382 98383 b0d816 98382->98383 98384 aaa961 22 API calls 98383->98384 98385 b0d81e 98384->98385 98386 aaa961 22 API calls 98385->98386 98387 b0d826 98386->98387 98388 aaa961 22 API calls 98387->98388 98389 b0d82e 
98388->98389 98390 aaa961 22 API calls 98389->98390 98391 b0d836 98390->98391 98392 aa525f 22 API calls 98391->98392 98393 b0d84d 98392->98393 98394 aa525f 22 API calls 98393->98394 98395 b0d866 98394->98395 98396 aa4c6d 22 API calls 98395->98396 98397 b0d872 98396->98397 98398 b0d885 98397->98398 98399 aa93b2 22 API calls 98397->98399 98400 aa4c6d 22 API calls 98398->98400 98399->98398 98401 b0d88e 98400->98401 98402 aa93b2 22 API calls 98401->98402 98404 b0d89e 98401->98404 98402->98404 98403 b0d8b0 98405 aa6350 22 API calls 98403->98405 98404->98403 98406 aaa8c7 22 API calls 98404->98406 98407 b0d8bb 98405->98407 98406->98403 98482 b0d978 22 API calls 98407->98482 98409 b0d8ca 98483 b0d978 22 API calls 98409->98483 98411 b0d8dd 98412 aa4c6d 22 API calls 98411->98412 98413 b0d8e7 98412->98413 98414 b0d8ec 98413->98414 98415 b0d8fe 98413->98415 98416 aa33c6 22 API calls 98414->98416 98417 aa4c6d 22 API calls 98415->98417 98418 b0d8f9 98416->98418 98419 b0d907 98417->98419 98422 aa6350 22 API calls 98418->98422 98420 b0d925 98419->98420 98421 aa33c6 22 API calls 98419->98421 98423 aa6350 22 API calls 98420->98423 98421->98418 98422->98420 98423->98424 98424->97999 98426 b12954 __wsopen_s 98425->98426 98427 abfe0b 22 API calls 98426->98427 98428 b12971 98427->98428 98429 aa5722 22 API calls 98428->98429 98430 b1297b 98429->98430 98431 b1274e 27 API calls 98430->98431 98432 b12986 98431->98432 98433 aa511f 64 API calls 98432->98433 98434 b1299b 98433->98434 98435 b12a6c 98434->98435 98436 b129bf 98434->98436 98437 b12e66 75 API calls 98435->98437 98438 b12e66 75 API calls 98436->98438 98453 b12a38 98437->98453 98439 b129c4 98438->98439 98443 b12a75 messages 98439->98443 98488 acd583 26 API calls 98439->98488 98441 aa50f5 40 API calls 98442 b12a91 98441->98442 98444 aa50f5 40 API calls 98442->98444 98443->98006 98446 b12aa1 98444->98446 98445 b129ed 98489 acd583 26 API calls 98445->98489 98447 aa50f5 40 API calls 98446->98447 98449 b12abc 98447->98449 98450 aa50f5 40 
API calls 98449->98450 98451 b12acc 98450->98451 98452 aa50f5 40 API calls 98451->98452 98454 b12ae7 98452->98454 98453->98441 98453->98443 98455 aa50f5 40 API calls 98454->98455 98456 b12af7 98455->98456 98457 aa50f5 40 API calls 98456->98457 98458 b12b07 98457->98458 98459 aa50f5 40 API calls 98458->98459 98460 b12b17 98459->98460 98484 b13017 GetTempPathW GetTempFileNameW 98460->98484 98462 b12b22 98463 ace5eb 29 API calls 98462->98463 98474 b12b33 98463->98474 98464 b12bed 98465 ace678 67 API calls 98464->98465 98466 b12bf8 98465->98466 98468 b12c12 98466->98468 98469 b12bfe DeleteFileW 98466->98469 98467 aa50f5 40 API calls 98467->98474 98470 b12c91 CopyFileW 98468->98470 98476 b12c18 98468->98476 98469->98443 98471 b12ca7 DeleteFileW 98470->98471 98472 b12cb9 DeleteFileW 98470->98472 98471->98443 98485 b12fd8 CreateFileW 98472->98485 98474->98443 98474->98464 98474->98467 98475 acdbb3 65 API calls 98474->98475 98475->98474 98477 b122ce 79 API calls 98476->98477 98478 b12c7c 98477->98478 98478->98472 98479 b12c80 DeleteFileW 98478->98479 98479->98443 98480->97966 98481->97980 98482->98409 98483->98411 98484->98462 98486 b13013 98485->98486 98487 b12fff SetFileTime CloseHandle 98485->98487 98486->98443 98487->98486 98488->98445 98489->98453 98491 aaae01 98490->98491 98494 aaae1c messages 98490->98494 98492 aaaec9 22 API calls 98491->98492 98493 aaae09 CharUpperBuffW 98492->98493 98493->98494 98494->97702 98496 aaacae 98495->98496 98497 aaacd1 98496->98497 98525 b1359c 82 API calls __wsopen_s 98496->98525 98497->97755 98500 aefadb 98499->98500 98501 aaad92 98499->98501 98502 abfddb 22 API calls 98501->98502 98503 aaad99 98502->98503 98526 aaadcd 98503->98526 98506->97752 98507->97756 98508->97756 98509->97705 98510->97743 98511->97712 98512->97743 98513->97743 98514->97755 98515->97755 98516->97755 98517->97755 98518->97755 98519->97755 98520->97735 98521->97743 98522->97739 98523->97751 98524->97743 98525->98497 98530 aaaddd 98526->98530 98527 aaadb6 
98527->97755 98528 abfddb 22 API calls 98528->98530 98529 aaa961 22 API calls 98529->98530 98530->98527 98530->98528 98530->98529 98531 aaa8c7 22 API calls 98530->98531 98532 aaadcd 22 API calls 98530->98532 98531->98530 98532->98530 98533->97775 98534->97775 98535->97777 98536->97777 98537->97762 98538->97777 98539 ad8402 98544 ad81be 98539->98544 98542 ad842a 98549 ad81ef try_get_first_available_module 98544->98549 98546 ad83ee 98563 ad27ec 26 API calls pre_c_initialization 98546->98563 98548 ad8343 98548->98542 98556 ae0984 98548->98556 98552 ad8338 98549->98552 98559 ac8e0b 40 API calls 2 library calls 98549->98559 98551 ad838c 98551->98552 98560 ac8e0b 40 API calls 2 library calls 98551->98560 98552->98548 98562 acf2d9 20 API calls __dosmaperr 98552->98562 98554 ad83ab 98554->98552 98561 ac8e0b 40 API calls 2 library calls 98554->98561 98564 ae0081 98556->98564 98558 ae099f 98558->98542 98559->98551 98560->98554 98561->98552 98562->98546 98563->98548 98565 ae008d ___BuildCatchObject 98564->98565 98566 ae009b 98565->98566 98569 ae00d4 98565->98569 98622 acf2d9 20 API calls __dosmaperr 98566->98622 98568 ae00a0 98623 ad27ec 26 API calls pre_c_initialization 98568->98623 98575 ae065b 98569->98575 98574 ae00aa __fread_nolock 98574->98558 98625 ae042f 98575->98625 98578 ae068d 98657 acf2c6 20 API calls __dosmaperr 98578->98657 98579 ae06a6 98643 ad5221 98579->98643 98582 ae0692 98658 acf2d9 20 API calls __dosmaperr 98582->98658 98583 ae06ab 98584 ae06cb 98583->98584 98585 ae06b4 98583->98585 98656 ae039a CreateFileW 98584->98656 98659 acf2c6 20 API calls __dosmaperr 98585->98659 98589 ae06b9 98660 acf2d9 20 API calls __dosmaperr 98589->98660 98591 ae0781 GetFileType 98592 ae078c GetLastError 98591->98592 98593 ae07d3 98591->98593 98663 acf2a3 20 API calls __dosmaperr 98592->98663 98665 ad516a 21 API calls 2 library calls 98593->98665 98594 ae0756 GetLastError 98662 acf2a3 20 API calls __dosmaperr 98594->98662 98596 ae0704 98596->98591 98596->98594 98661 ae039a 
CreateFileW 98596->98661 98598 ae079a CloseHandle 98598->98582 98600 ae07c3 98598->98600 98664 acf2d9 20 API calls __dosmaperr 98600->98664 98602 ae0749 98602->98591 98602->98594 98604 ae07f4 98606 ae0840 98604->98606 98666 ae05ab 72 API calls 3 library calls 98604->98666 98605 ae07c8 98605->98582 98610 ae086d 98606->98610 98667 ae014d 72 API calls 4 library calls 98606->98667 98609 ae0866 98609->98610 98612 ae087e 98609->98612 98611 ad86ae __wsopen_s 29 API calls 98610->98611 98613 ae00f8 98611->98613 98612->98613 98614 ae08fc CloseHandle 98612->98614 98624 ae0121 LeaveCriticalSection __wsopen_s 98613->98624 98668 ae039a CreateFileW 98614->98668 98616 ae0927 98617 ae095d 98616->98617 98618 ae0931 GetLastError 98616->98618 98617->98613 98669 acf2a3 20 API calls __dosmaperr 98618->98669 98620 ae093d 98670 ad5333 21 API calls 2 library calls 98620->98670 98622->98568 98623->98574 98624->98574 98626 ae046a 98625->98626 98627 ae0450 98625->98627 98671 ae03bf 98626->98671 98627->98626 98678 acf2d9 20 API calls __dosmaperr 98627->98678 98630 ae04a2 98633 ae04d1 98630->98633 98680 acf2d9 20 API calls __dosmaperr 98630->98680 98631 ae045f 98679 ad27ec 26 API calls pre_c_initialization 98631->98679 98642 ae0524 98633->98642 98682 acd70d 26 API calls 2 library calls 98633->98682 98636 ae04c6 98681 ad27ec 26 API calls pre_c_initialization 98636->98681 98637 ae051f 98638 ae059e 98637->98638 98637->98642 98683 ad27fc 11 API calls _abort 98638->98683 98641 ae05aa 98642->98578 98642->98579 98644 ad522d ___BuildCatchObject 98643->98644 98686 ad2f5e EnterCriticalSection 98644->98686 98646 ad5234 98647 ad5259 98646->98647 98652 ad52c7 EnterCriticalSection 98646->98652 98655 ad527b 98646->98655 98690 ad5000 98647->98690 98650 ad52a4 __fread_nolock 98650->98583 98653 ad52d4 LeaveCriticalSection 98652->98653 98652->98655 98653->98646 98687 ad532a 98655->98687 98656->98596 98657->98582 98658->98613 98659->98589 98660->98582 98661->98602 98662->98582 98663->98598 98664->98605 
                                                                          [Tail of a control-flow graph edge list (graph-viewer residue) omitted]

                                                                          Control-flow Graph

                                                                          [Control-flow graph of function 00AA42DE: the executed/not-executed colouring and the edge list are graph-viewer residue and are omitted; the APIs the function calls are listed under APIs below]
                                                                          APIs
                                                                          • GetVersionExW.KERNEL32(?), ref: 00AA430D
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                          • GetCurrentProcess.KERNEL32(?,00B3CB64,00000000,?,?), ref: 00AA4422
                                                                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 00AA4429
                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00AA4454
                                                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AA4466
                                                                          • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00AA4474
                                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 00AA447B
                                                                          • GetSystemInfo.KERNEL32(?,?,?), ref: 00AA44A0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                          • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                          • API String ID: 3290436268-3101561225
                                                                          • Opcode ID: c87386940259280d32d87b1a354880ac706b92295ed3d48529ad40afb2c977bc
                                                                          • Instruction ID: 9d279624437f9a59dd468a3096eb8b8f671cc8e033a3463b36224515468e012d
                                                                          • Opcode Fuzzy Hash: c87386940259280d32d87b1a354880ac706b92295ed3d48529ad40afb2c977bc
                                                                          • Instruction Fuzzy Hash: 44A1D67290A2C0FFCB11CB7D7C451997FF46B6A300B168C99E08DA7AE2DB604584DB39

                                                                          Control-flow Graph

                                                                          [Control-flow graph of function 00AA42A2: the executed/not-executed colouring and the edge list are graph-viewer residue and are omitted; the APIs the function calls are listed under APIs below]
                                                                          APIs
                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00AA50AA,?,?,00000000,00000000), ref: 00AA42B2
                                                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00AA50AA,?,?,00000000,00000000), ref: 00AA42C9
                                                                          • LoadResource.KERNEL32(?,00000000,?,?,00AA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AA4F20), ref: 00AE35BE
                                                                          • SizeofResource.KERNEL32(?,00000000,?,?,00AA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AA4F20), ref: 00AE35D3
                                                                          • LockResource.KERNEL32(00AA50AA,?,?,00AA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AA4F20,?), ref: 00AE35E6
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                          • String ID: SCRIPT
                                                                          • API String ID: 3051347437-3967369404
                                                                          • Opcode ID: 99dd4a00ea63c583c0887f9465fb2f115afa3a45432539d44e7bde91a1a6d6b2
                                                                          • Instruction ID: 8bf6c444e22d256abdaa87ce9ed5e7d40808dd2e5fdb70adfda83064cb1c797d
                                                                          • Opcode Fuzzy Hash: 99dd4a00ea63c583c0887f9465fb2f115afa3a45432539d44e7bde91a1a6d6b2
                                                                          • Instruction Fuzzy Hash: 43113075240701BFD7218BA5DC49F677BB9EBC9B51F244169B50297290DBB1D8048760

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA2B6B
                                                                            • Part of subcall function 00AA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B71418,?,00AA2E7F,?,?,?,00000000), ref: 00AA3A78
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • GetForegroundWindow.USER32(runas,?,?,?,?,?,00B62224), ref: 00AE2C10
                                                                          • ShellExecuteW.SHELL32(00000000,?,?,00B62224), ref: 00AE2C17
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                          • String ID: runas
                                                                          • API String ID: 448630720-4000483414
                                                                          • Opcode ID: c1921d6999c3df0e5cd2b0c948972e5ea38949765a98c8a3b37f6b2ba8d84ce6
                                                                          • Instruction ID: 4621013bce0ad0effa53d24fa8b2c74bb7742026fa94b046e506e339cc27fc7f
                                                                          • Opcode Fuzzy Hash: c1921d6999c3df0e5cd2b0c948972e5ea38949765a98c8a3b37f6b2ba8d84ce6
                                                                          • Instruction Fuzzy Hash: 361106321083415BCB14FF68D952ABEBBA8AB97340F04486CF086571E2CF24895A9722
                                                                          APIs
                                                                          • lstrlenW.KERNEL32(?,00AE5222), ref: 00B0DBCE
                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 00B0DBDD
                                                                          • FindFirstFileW.KERNELBASE(?,?), ref: 00B0DBEE
                                                                          • FindClose.KERNEL32(00000000), ref: 00B0DBFA
                                                                          Similarity
                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                          • String ID:
                                                                          • API String ID: 2695905019-0
                                                                          • Opcode ID: 692ace9a3b184ea804505116e350d4cf1ff434ef2275eba92aa63e5506e90063
                                                                          • Instruction ID: d6237e7300428a8a87ecdc320c210c98e7fd97aedb3c303d7608a06a98cbc18e
                                                                          • Opcode Fuzzy Hash: 692ace9a3b184ea804505116e350d4cf1ff434ef2275eba92aa63e5506e90063
                                                                          • Instruction Fuzzy Hash: FAF0A03181092057D2306FF8AC0D8AF3FACDE01334B204B42F836D20E0EFB099548A95
                                                                          APIs
                                                                          • GetInputState.USER32 ref: 00AAD807
                                                                          • timeGetTime.WINMM ref: 00AADA07
                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AADB28
                                                                          • TranslateMessage.USER32(?), ref: 00AADB7B
                                                                          • DispatchMessageW.USER32(?), ref: 00AADB89
                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AADB9F
                                                                          • Sleep.KERNEL32(0000000A), ref: 00AADBB1
                                                                          Similarity
                                                                          • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                          • String ID:
                                                                          • API String ID: 2189390790-0
                                                                          • Opcode ID: 336f40c88f449778d6bdf9f2809ebde43f9c8b5f25af80d54b592096b403c44f
                                                                          • Instruction ID: e41857696c4a8d12f39457467beacc43cfe63deed272693dab9764df1be60d84
                                                                          • Opcode Fuzzy Hash: 336f40c88f449778d6bdf9f2809ebde43f9c8b5f25af80d54b592096b403c44f
                                                                          • Instruction Fuzzy Hash: 4842BE30608245EFD729CF24C885BBABBF4BF46314F148959F596876E1DB70E884CB92

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00AA2D07
                                                                          • RegisterClassExW.USER32(00000030), ref: 00AA2D31
                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AA2D42
                                                                          • InitCommonControlsEx.COMCTL32(?), ref: 00AA2D5F
                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AA2D6F
                                                                          • LoadIconW.USER32(000000A9), ref: 00AA2D85
                                                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AA2D94
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                          • API String ID: 2914291525-1005189915
                                                                          • Opcode ID: 880cba9c3566544b71ddf38cbb190c971747734949722be1a0ee45117423bf23
                                                                          • Instruction ID: 8b4fff4dd75948aea1102ee7016bf98d3c3265bf0f0b96051fdf0ce6f642aa37
                                                                          • Opcode Fuzzy Hash: 880cba9c3566544b71ddf38cbb190c971747734949722be1a0ee45117423bf23
                                                                          • Instruction Fuzzy Hash: 9021D3B5911208EFDB009FE8EC49A9DBFB8FB08700F10451AEA15B72A0DBB145858FA4

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 302 ae065b-ae068b call ae042f 305 ae068d-ae0698 call acf2c6 302->305 306 ae06a6-ae06b2 call ad5221 302->306 311 ae069a-ae06a1 call acf2d9 305->311 312 ae06cb-ae0714 call ae039a 306->312 313 ae06b4-ae06c9 call acf2c6 call acf2d9 306->313 323 ae097d-ae0983 311->323 321 ae0716-ae071f 312->321 322 ae0781-ae078a GetFileType 312->322 313->311 327 ae0756-ae077c GetLastError call acf2a3 321->327 328 ae0721-ae0725 321->328 324 ae078c-ae07bd GetLastError call acf2a3 CloseHandle 322->324 325 ae07d3-ae07d6 322->325 324->311 339 ae07c3-ae07ce call acf2d9 324->339 330 ae07df-ae07e5 325->330 331 ae07d8-ae07dd 325->331 327->311 328->327 332 ae0727-ae0754 call ae039a 328->332 335 ae07e9-ae0837 call ad516a 330->335 336 ae07e7 330->336 331->335 332->322 332->327 345 ae0839-ae0845 call ae05ab 335->345 346 ae0847-ae086b call ae014d 335->346 336->335 339->311 345->346 351 ae086f-ae0879 call ad86ae 345->351 352 ae087e-ae08c1 346->352 353 ae086d 346->353 351->323 355 ae08e2-ae08f0 352->355 356 ae08c3-ae08c7 352->356 353->351 359 ae097b 355->359 360 ae08f6-ae08fa 355->360 356->355 358 ae08c9-ae08dd 356->358 358->355 359->323 360->359 361 ae08fc-ae092f CloseHandle call ae039a 360->361 364 ae0963-ae0977 361->364 365 ae0931-ae095d GetLastError call acf2a3 call ad5333 361->365 364->359 365->364
                                                                          APIs
                                                                            • Part of subcall function 00AE039A: CreateFileW.KERNELBASE(00000000,00000000,?,00AE0704,?,?,00000000,?,00AE0704,00000000,0000000C), ref: 00AE03B7
                                                                          • GetLastError.KERNEL32 ref: 00AE076F
                                                                          • __dosmaperr.LIBCMT ref: 00AE0776
                                                                          • GetFileType.KERNELBASE(00000000), ref: 00AE0782
                                                                          • GetLastError.KERNEL32 ref: 00AE078C
                                                                          • __dosmaperr.LIBCMT ref: 00AE0795
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00AE07B5
                                                                          • CloseHandle.KERNEL32(?), ref: 00AE08FF
                                                                          • GetLastError.KERNEL32 ref: 00AE0931
                                                                          • __dosmaperr.LIBCMT ref: 00AE0938
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                          • String ID: H
                                                                          • API String ID: 4237864984-2852464175
                                                                          • Opcode ID: 94a2eb65954d62c599beb030bd0a2c2fda83b64a33485b594a89d3e59652cab8
                                                                          • Instruction ID: 75c17dfb9691f72a288282ecdf673f51a4f6c8d0f6d75bdfb99d225c41814dd3
                                                                          • Opcode Fuzzy Hash: 94a2eb65954d62c599beb030bd0a2c2fda83b64a33485b594a89d3e59652cab8
                                                                          • Instruction Fuzzy Hash: F2A12632A141848FDF19AF68D851FAE3BB1AB06320F24015EF815EF391DB719D92CB91

                                                                          Control-flow Graph

                                                                          APIs
                                                                            • Part of subcall function 00AA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B71418,?,00AA2E7F,?,?,?,00000000), ref: 00AA3A78
                                                                            • Part of subcall function 00AA3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AA3379
                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00AA356A
                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00AE318D
                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00AE31CE
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00AE3210
                                                                          • _wcslen.LIBCMT ref: 00AE3277
                                                                          • _wcslen.LIBCMT ref: 00AE3286
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                          • API String ID: 98802146-2727554177
                                                                          • Opcode ID: a9388b6747bec6e9d2d0f6e2c09fbfe92f406178816e9a3968bb3b8daf7a0630
                                                                          • Instruction ID: 9c4f4735ee4e83ee9c41021705b752b34710a44ec541037a890d6e9d19a92306
                                                                          • Opcode Fuzzy Hash: a9388b6747bec6e9d2d0f6e2c09fbfe92f406178816e9a3968bb3b8daf7a0630
                                                                          • Instruction Fuzzy Hash: F671E6724043019ED704EF65DD869ABBBF8FF99340F41082EF589971A0EF348A88CB56

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00AA2B8E
                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00AA2B9D
                                                                          • LoadIconW.USER32(00000063), ref: 00AA2BB3
                                                                          • LoadIconW.USER32(000000A4), ref: 00AA2BC5
                                                                          • LoadIconW.USER32(000000A2), ref: 00AA2BD7
                                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AA2BEF
                                                                          • RegisterClassExW.USER32(?), ref: 00AA2C40
                                                                            • Part of subcall function 00AA2CD4: GetSysColorBrush.USER32(0000000F), ref: 00AA2D07
                                                                            • Part of subcall function 00AA2CD4: RegisterClassExW.USER32(00000030), ref: 00AA2D31
                                                                            • Part of subcall function 00AA2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AA2D42
                                                                            • Part of subcall function 00AA2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00AA2D5F
                                                                            • Part of subcall function 00AA2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AA2D6F
                                                                            • Part of subcall function 00AA2CD4: LoadIconW.USER32(000000A9), ref: 00AA2D85
                                                                            • Part of subcall function 00AA2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AA2D94
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                          • String ID: #$0$AutoIt v3
                                                                          • API String ID: 423443420-4155596026
                                                                          • Opcode ID: e56af5c8030352f32693b1880cccc3c6b779fef1ff45fa63a220676d95a907b9
                                                                          • Instruction ID: 6745bcdea0cf355941a444524a92b67919b1e7ccf4d92175fec13c42ea5f620f
                                                                          • Opcode Fuzzy Hash: e56af5c8030352f32693b1880cccc3c6b779fef1ff45fa63a220676d95a907b9
                                                                          • Instruction Fuzzy Hash: 65212571A00318AFDB10DFADEC45AAD7FB4FB08B50F11041AE508A76A0DBB109848FA8

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 443 aa3170-aa3185 444 aa3187-aa318a 443->444 445 aa31e5-aa31e7 443->445 446 aa31eb 444->446 447 aa318c-aa3193 444->447 445->444 448 aa31e9 445->448 452 ae2dfb-ae2e23 call aa18e2 call abe499 446->452 453 aa31f1-aa31f6 446->453 449 aa3199-aa319e 447->449 450 aa3265-aa326d PostQuitMessage 447->450 451 aa31d0-aa31d8 DefWindowProcW 448->451 455 ae2e7c-ae2e90 call b0bf30 449->455 456 aa31a4-aa31a8 449->456 458 aa3219-aa321b 450->458 457 aa31de-aa31e4 451->457 487 ae2e28-ae2e2f 452->487 459 aa31f8-aa31fb 453->459 460 aa321d-aa3244 SetTimer RegisterWindowMessageW 453->460 455->458 481 ae2e96 455->481 462 aa31ae-aa31b3 456->462 463 ae2e68-ae2e72 call b0c161 456->463 458->457 466 ae2d9c-ae2d9f 459->466 467 aa3201-aa3214 KillTimer call aa30f2 call aa3c50 459->467 460->458 464 aa3246-aa3251 CreatePopupMenu 460->464 470 ae2e4d-ae2e54 462->470 471 aa31b9-aa31be 462->471 477 ae2e77 463->477 464->458 473 ae2dd7-ae2df6 MoveWindow 466->473 474 ae2da1-ae2da5 466->474 467->458 470->451 484 ae2e5a-ae2e63 call b00ad7 470->484 479 aa3253-aa3263 call aa326f 471->479 480 aa31c4-aa31ca 471->480 473->458 482 ae2dc6-ae2dd2 SetFocus 474->482 483 ae2da7-ae2daa 474->483 477->458 479->458 480->451 480->487 481->451 482->458 483->480 488 ae2db0-ae2dc1 call aa18e2 483->488 484->451 487->451 492 ae2e35-ae2e48 call aa30f2 call aa3837 487->492 488->458 492->451
                                                                          APIs
                                                                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00AA316A,?,?), ref: 00AA31D8
                                                                          • KillTimer.USER32(?,00000001,?,?,?,?,?,00AA316A,?,?), ref: 00AA3204
                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AA3227
                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00AA316A,?,?), ref: 00AA3232
                                                                          • CreatePopupMenu.USER32 ref: 00AA3246
                                                                          • PostQuitMessage.USER32(00000000), ref: 00AA3267
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                          • String ID: TaskbarCreated
                                                                          • API String ID: 129472671-2362178303
                                                                          • Opcode ID: 2edc68201d05efd98f954ea10d67a9b9d4df90614a877b80b3327b2e6679b4ed
                                                                          • Instruction ID: ba846bb20cef8c81fe2198b1a0e060ae6452bb98a14d481ff58d05f993ca311c
                                                                          • Opcode Fuzzy Hash: 2edc68201d05efd98f954ea10d67a9b9d4df90614a877b80b3327b2e6679b4ed
                                                                          • Instruction Fuzzy Hash: 24412133240204AADF141F7C9D4ABBD3AA9EB57340F144626FA1A972E1CF618E8587B1

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 499 ad8d45-ad8d55 500 ad8d6f-ad8d71 499->500 501 ad8d57-ad8d6a call acf2c6 call acf2d9 499->501 503 ad90d9-ad90e6 call acf2c6 call acf2d9 500->503 504 ad8d77-ad8d7d 500->504 517 ad90f1 501->517 523 ad90ec call ad27ec 503->523 504->503 507 ad8d83-ad8dae 504->507 507->503 510 ad8db4-ad8dbd 507->510 513 ad8dbf-ad8dd2 call acf2c6 call acf2d9 510->513 514 ad8dd7-ad8dd9 510->514 513->523 515 ad8ddf-ad8de3 514->515 516 ad90d5-ad90d7 514->516 515->516 521 ad8de9-ad8ded 515->521 522 ad90f4-ad90f9 516->522 517->522 521->513 525 ad8def-ad8e06 521->525 523->517 528 ad8e08-ad8e0b 525->528 529 ad8e23-ad8e2c 525->529 530 ad8e0d-ad8e13 528->530 531 ad8e15-ad8e1e 528->531 532 ad8e2e-ad8e45 call acf2c6 call acf2d9 call ad27ec 529->532 533 ad8e4a-ad8e54 529->533 530->531 530->532 536 ad8ebf-ad8ed9 531->536 561 ad900c 532->561 534 ad8e5b-ad8e79 call ad3820 call ad29c8 * 2 533->534 535 ad8e56-ad8e58 533->535 570 ad8e7b-ad8e91 call acf2d9 call acf2c6 534->570 571 ad8e96-ad8ebc call ad9424 534->571 535->534 538 ad8fad-ad8fb6 call adf89b 536->538 539 ad8edf-ad8eef 536->539 550 ad9029 538->550 551 ad8fb8-ad8fca 538->551 539->538 542 ad8ef5-ad8ef7 539->542 542->538 546 ad8efd-ad8f23 542->546 546->538 553 ad8f29-ad8f3c 546->553 559 ad902d-ad9045 ReadFile 550->559 551->550 555 ad8fcc-ad8fdb GetConsoleMode 551->555 553->538 557 ad8f3e-ad8f40 553->557 555->550 560 ad8fdd-ad8fe1 555->560 557->538 562 ad8f42-ad8f6d 557->562 564 ad9047-ad904d 559->564 565 ad90a1-ad90ac GetLastError 559->565 560->559 567 ad8fe3-ad8ffd ReadConsoleW 560->567 568 ad900f-ad9019 call ad29c8 561->568 562->538 569 ad8f6f-ad8f82 562->569 564->565 566 ad904f 564->566 572 ad90ae-ad90c0 call acf2d9 call acf2c6 565->572 573 ad90c5-ad90c8 565->573 575 ad9052-ad9064 566->575 577 ad8fff GetLastError 567->577 578 ad901e-ad9027 567->578 568->522 569->538 582 ad8f84-ad8f86 569->582 570->561 571->536 572->561 579 ad90ce-ad90d0 573->579 580 ad9005-ad900b call acf2a3 573->580 575->568 585 ad9066-ad906a 575->585 577->580 578->575 579->568 580->561 582->538 589 ad8f88-ad8fa8 582->589 592 ad906c-ad907c call ad8a61 585->592 593 ad9083-ad908e 585->593 589->538 604 ad907f-ad9081 592->604 598 ad909a-ad909f call ad88a1 593->598 599 ad9090 call ad8bb1 593->599 605 ad9095-ad9098 598->605 599->605 604->568 605->604
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 97c387b715740f6e6d184f25bdf7b9f0cb1af56f3b44ff28215958a4f91e215b
                                                                          • Instruction ID: 5fa911cc808a6f814534c00d48f03339f712f44f9340dbd1754bbebf117d8a22
                                                                          • Opcode Fuzzy Hash: 97c387b715740f6e6d184f25bdf7b9f0cb1af56f3b44ff28215958a4f91e215b
                                                                          • Instruction Fuzzy Hash: 68C1E574904349AFDF11EFA8D841BEEBBB1BF19310F14405AE51AAB392CB34D941CB61

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 607 179f8f0-179f99e call 179d2a0 610 179f9a5-179f9cb call 17a0800 CreateFileW 607->610 613 179f9cd 610->613 614 179f9d2-179f9e2 610->614 615 179fb1d-179fb21 613->615 622 179f9e9-179fa03 VirtualAlloc 614->622 623 179f9e4 614->623 616 179fb63-179fb66 615->616 617 179fb23-179fb27 615->617 619 179fb69-179fb70 616->619 620 179fb29-179fb2c 617->620 621 179fb33-179fb37 617->621 624 179fb72-179fb7d 619->624 625 179fbc5-179fbda 619->625 620->621 626 179fb39-179fb43 621->626 627 179fb47-179fb4b 621->627 628 179fa0a-179fa21 ReadFile 622->628 629 179fa05 622->629 623->615 632 179fb7f 624->632 633 179fb81-179fb8d 624->633 634 179fbea-179fbf2 625->634 635 179fbdc-179fbe7 VirtualFree 625->635 626->627 636 179fb5b 627->636 637 179fb4d-179fb57 627->637 630 179fa28-179fa68 VirtualAlloc 628->630 631 179fa23 628->631 629->615 638 179fa6a 630->638 639 179fa6f-179fa8a call 17a0a50 630->639 631->615 632->625 640 179fb8f-179fb9f 633->640 641 179fba1-179fbad 633->641 635->634 636->616 637->636 638->615 647 179fa95-179fa9f 639->647 643 179fbc3 640->643 644 179fbba-179fbc0 641->644 645 179fbaf-179fbb8 641->645 643->619 644->643 645->643 648 179faa1-179fad0 call 17a0a50 647->648 649 179fad2-179fae6 call 17a0860 647->649 648->647 655 179fae8 649->655 656 179faea-179faee 649->656 655->615 657 179fafa-179fafe 656->657 658 179faf0-179faf4 CloseHandle 656->658 659 179fb0e-179fb17 657->659 660 179fb00-179fb0b VirtualFree 657->660 658->657 659->610 659->615 660->659
                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0179F9C1
                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0179FBE7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFileFreeVirtual
                                                                          • String ID:
                                                                          • API String ID: 204039940-0
                                                                          • Opcode ID: 1376b1c019e97a58b345df4903236ecb5f0b8c205347a8d20aa61bd2a2b0f564
                                                                          • Instruction ID: 8a2582b0f575ad8ab53fb82ccd5d8ba458daca7c7ebd491a466a503aa636c0f8
                                                                          • Opcode Fuzzy Hash: 1376b1c019e97a58b345df4903236ecb5f0b8c205347a8d20aa61bd2a2b0f564
                                                                          • Instruction Fuzzy Hash: B9A1F670E00209EBDF14CFA8D894BAEFBB5FF48314F208599E501AB281D7759A45CF94

                                                                          Control-flow Graph (function aa2c63: CreateWindowExW x2, ShowWindow x2; legend: Executed / Not Executed; graph rendering omitted)
                                                                          APIs
                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AA2C91
                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AA2CB2
                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00AA1CAD,?), ref: 00AA2CC6
                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00AA1CAD,?), ref: 00AA2CCF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$CreateShow
                                                                          • String ID: AutoIt v3$edit
                                                                          • API String ID: 1584632944-3779509399
                                                                          • Opcode ID: b4b1c560c882b7b68b3a7352c3e6b1e6ea4278e55b7f215f01d276a58eb430f6
                                                                          • Instruction ID: 654517136cac7bb3c8bf9c9ae99dfcf831e5f0ca6f49d396c91d233ab11100d2
                                                                          • Opcode Fuzzy Hash: b4b1c560c882b7b68b3a7352c3e6b1e6ea4278e55b7f215f01d276a58eb430f6
                                                                          • Instruction Fuzzy Hash: 80F0DA765503907AEB311B6FAC09E773EBDD7C6F50F12445AF908B35A0CA611890DAB8

                                                                          Control-flow Graph (function 179f650: CreateFileW, VirtualAlloc, ReadFile, ExitProcess; legend: Executed / Not Executed; graph rendering omitted)
                                                                          APIs
                                                                            • Part of subcall function 0179F540: Sleep.KERNELBASE(000001F4), ref: 0179F551
                                                                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0179F7D2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFileSleep
                                                                          • String ID: MZMJ4R4LCAAYZKUSEMYXLR85TX4ZH
                                                                          • API String ID: 2694422964-2534943552
                                                                          • Opcode ID: 1cb2e184dc164af6ca0c3ead3108ecb00f641dc675b84f7a5d7bc12bb2b2fbdc
                                                                          • Instruction ID: 1d2411999404c24ecdbd3e85728739ba25899bba03e09d7e40f96b3666dc95a7
                                                                          • Opcode Fuzzy Hash: 1cb2e184dc164af6ca0c3ead3108ecb00f641dc675b84f7a5d7bc12bb2b2fbdc
                                                                          • Instruction Fuzzy Hash: 8571A330D1428DDAEF11DBE4D848BDEBFB5AF15300F044199D248BB2C1D7BA1A49CB66

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B12C05
                                                                          • DeleteFileW.KERNEL32(?), ref: 00B12C87
                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B12C9D
                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B12CAE
                                                                          • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B12CC0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: File$Delete$Copy
                                                                          • String ID:
                                                                          • API String ID: 3226157194-0
                                                                          • Opcode ID: d0c9e7dc9579748b65543585e8577c86a88470e8d027f7f3406627c94365370c
                                                                          • Instruction ID: 287c0587019e182a2bc7a20f09509a90c6d3f765c2f0445b1b4b16ed20e236d9
                                                                          • Opcode Fuzzy Hash: d0c9e7dc9579748b65543585e8577c86a88470e8d027f7f3406627c94365370c
                                                                          • Instruction Fuzzy Hash: EFB14C72D00119ABDF11DBA4CD85EDEBBBDEF49350F5040AAF609E7141EB309A948FA1

                                                                          Control-flow Graph (function aa3b1c: RegOpenKeyExW, RegQueryValueExW, RegCloseKey; legend: Executed / Not Executed; graph rendering omitted)
                                                                          APIs
                                                                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00AA3B0F,SwapMouseButtons,00000004,?), ref: 00AA3B40
                                                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00AA3B0F,SwapMouseButtons,00000004,?), ref: 00AA3B61
                                                                          • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00AA3B0F,SwapMouseButtons,00000004,?), ref: 00AA3B83
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenQueryValue
                                                                          • String ID: Control Panel\Mouse
                                                                          • API String ID: 3677997916-824357125
                                                                          • Opcode ID: 369f0fe24d2bac802ef00e719e7d5b9bdacdb6263c8dc3b08a069fa9e64e9ed2
                                                                          • Instruction ID: 1c6c3f77131a88db3264d5a5e5ac40caa71353114347710129561b951e150dc0
                                                                          • Opcode Fuzzy Hash: 369f0fe24d2bac802ef00e719e7d5b9bdacdb6263c8dc3b08a069fa9e64e9ed2
                                                                          • Instruction Fuzzy Hash: EB112AB6511208FFDF218FA5DC85AAEBBB9EF05744B104459B806E7150D7719E409760
                                                                          APIs
                                                                          • CreateProcessW.KERNELBASE(?,00000000), ref: 0179ED6D
                                                                          • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0179ED91
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0179EDB3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 2438371351-0
                                                                          • Opcode ID: fc8f1a43d92b409a9fc3443f05f08a35b7dbde12cca23af92c4c83ca62f6b31d
                                                                          • Instruction ID: 08fa59f038e6155663febe5cc5569e8cd0733e2bab309cd6dbfdd454ae1a96af
                                                                          • Opcode Fuzzy Hash: fc8f1a43d92b409a9fc3443f05f08a35b7dbde12cca23af92c4c83ca62f6b31d
                                                                          • Instruction Fuzzy Hash: 25623B30A14218DBEB24CFA4D844BDEB776EF58300F1091A9D20DEB394E7769E85CB59
                                                                          Strings
                                                                          • Variable must be of type 'Object'., xrefs: 00AF32B7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Variable must be of type 'Object'.
                                                                          • API String ID: 0-109567571
                                                                          • Opcode ID: cca5fe00b4bf8923a5752da0b2648cdb5c59fdee296e4717caa764fcbe67739e
                                                                          • Instruction ID: 62852d6c09eb4c2ca203595fdd0ca022650f651a3cdb9b8621f08b72396b1f4d
                                                                          • Opcode Fuzzy Hash: cca5fe00b4bf8923a5752da0b2648cdb5c59fdee296e4717caa764fcbe67739e
                                                                          • Instruction Fuzzy Hash: 8CC26771A00215CFCF24CF98C881AADB7F1FF5A310F248569E916AB291D775ED81CBA1
                                                                          APIs
                                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00AE33A2
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AA3A04
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                          • String ID: Line:
                                                                          • API String ID: 2289894680-1585850449
                                                                          • Opcode ID: 8ee8a211c27cdc82370e69aa8d624843dbfada0f9a7e0c302d833daf75c56510
                                                                          • Instruction ID: 6ee7929052be2a5ba4590b35e3a00901c2ffea790ecf7f53a9c0d04f53d65f76
                                                                          • Opcode Fuzzy Hash: 8ee8a211c27cdc82370e69aa8d624843dbfada0f9a7e0c302d833daf75c56510
                                                                          • Instruction Fuzzy Hash: CD31C472408300AACB21EB28DC46FEFB7E8AB45710F10491EF59A971D1DF749A48C7E6
                                                                          APIs
                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00AC0668
                                                                            • Part of subcall function 00AC32A4: RaiseException.KERNEL32(?,?,?,00AC068A,?,00B71444,?,?,?,?,?,?,00AC068A,00AA1129,00B68738,00AA1129), ref: 00AC3304
                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00AC0685
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                          • String ID: Unknown exception
                                                                          • API String ID: 3476068407-410509341
                                                                          • Opcode ID: f2917d064b3f4f0ce3e1d9302fa3ff5c04df10dd9c93195a671292a3151a551e
                                                                          • Instruction ID: 2379d29aa15c45dc296b77c399c313ca54fe0eda36105070e9f236722beee241
                                                                          • Opcode Fuzzy Hash: f2917d064b3f4f0ce3e1d9302fa3ff5c04df10dd9c93195a671292a3151a551e
                                                                          • Instruction Fuzzy Hash: B9F0C23490020DBB8F00BB64DD4AEDE7BAC5E00354F618579B814D65A2EFB1DA25C680
                                                                          APIs
                                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00B1302F
                                                                          • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00B13044
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Temp$FileNamePath
                                                                          • String ID: aut
                                                                          • API String ID: 3285503233-3010740371
                                                                          • Opcode ID: 88d1f87cff392d4d0d3b1bf1f5d99104bb84361694049390f1fd79b18db159ae
                                                                          • Instruction ID: d0f77de379d5532870f631cfd3f167c996d42a227e90dec48ff3a68bc35dfb95
                                                                          • Opcode Fuzzy Hash: 88d1f87cff392d4d0d3b1bf1f5d99104bb84361694049390f1fd79b18db159ae
                                                                          • Instruction Fuzzy Hash: 20D05E7254032867DA20A7E4AC0EFCB3F6CDB04750F0002A1BA55E30A1DEB49984CBD0
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00B282F5
                                                                          • TerminateProcess.KERNEL32(00000000), ref: 00B282FC
                                                                          • FreeLibrary.KERNEL32(?,?,?,?), ref: 00B284DD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentFreeLibraryTerminate
                                                                          • String ID:
                                                                          • API String ID: 146820519-0
                                                                          • Opcode ID: fe6ccbceefa24fa9cd1abfea1aaf13f769a3b6636d36dbbe8684e8d3f283bcfc
                                                                          • Instruction ID: edcdb04ed8f513ed5c04133d509c9acce9e6c4dc2db73653db593a7fed14a79e
                                                                          • Opcode Fuzzy Hash: fe6ccbceefa24fa9cd1abfea1aaf13f769a3b6636d36dbbe8684e8d3f283bcfc
                                                                          • Instruction Fuzzy Hash: F1127B719083119FD714DF28D480B6ABBE5FF89318F14899DE8998B392CB31ED45CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3765a17a088ad00a94604bc2f1e24b3ff6f8bdbeb21de5c8706ec742e1e045d
                                                                          • Instruction ID: 2e863dba7697eb9b513e51b97f007d382b624d0aafe471c1628d29b9da0e7518
                                                                          • Opcode Fuzzy Hash: a3765a17a088ad00a94604bc2f1e24b3ff6f8bdbeb21de5c8706ec742e1e045d
                                                                          • Instruction Fuzzy Hash: 1D519D75D10A09AFDB21AFB8C945FEEBBB8AF05310F14005BF406AB391D7719A01DB61
                                                                          APIs
                                                                            • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AA1BF4
                                                                            • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AA1BFC
                                                                            • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AA1C07
                                                                            • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AA1C12
                                                                            • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AA1C1A
                                                                            • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AA1C22
                                                                            • Part of subcall function 00AA1B4A: RegisterWindowMessageW.USER32(00000004,?,00AA12C4), ref: 00AA1BA2
                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00AA136A
                                                                          • OleInitialize.OLE32 ref: 00AA1388
                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 00AE24AB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                          • String ID:
                                                                          • API String ID: 1986988660-0
                                                                          • Opcode ID: 8fdb96c2f4a8b17a54e117d23c0f2e2a5fd2901f36cae05a01a238d812c02146
                                                                          • Instruction ID: 898d4cabcbd235c0f3dea2378916646e41f1220672ac38de7aa56b50b913bb9d
                                                                          • Opcode Fuzzy Hash: 8fdb96c2f4a8b17a54e117d23c0f2e2a5fd2901f36cae05a01a238d812c02146
                                                                          • Instruction Fuzzy Hash: 2A71ACB59212008FC388EFBDAD466553BE5FBA9344B558A6AD41ED73A1EF308480CF71
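The API listing in the record above (six MapVirtualKeyW calls reached through subcall function 00AA1BC3, a RegisterWindowMessageW through 00AA1B4A, then GetStdHandle, OleInitialize and CloseHandle called directly) is the kind of data an analyst pulls out of these records into a call sequence. The following Python is added here as an example and is not part of Joe Sandbox or of this report: it parses lines in that listing format into structured calls, separates direct calls from subcall entries, and names the virtual-key codes passed to MapVirtualKeyW. The sample text is copied from the record above; the function and class names are the example's own, and the modifier-key sweep should be read in the context of the AutoIt runtime the report identifies rather than as evidence on its own.

```python
import re
from dataclasses import dataclass
from typing import Optional, Union

# One line of a Joe Sandbox "APIs" listing, for example:
#   • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00AA136A
#   • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AA1BF4
#   • OleInitialize.OLE32 ref: 00AA1388
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# USER32 virtual-key codes seen in the MapVirtualKeyW calls of the record above.
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
}

Arg = Union[int, str, None]


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int                      # address of the call site
    subcall_of: Optional[int] = None   # parent function when listed as "Part of subcall"


def parse_arg(token: str) -> Arg:
    token = token.strip()
    if token == "?":
        return None               # value not recovered by the sandbox
    if re.fullmatch(r"[0-9A-Fa-f]{8}", token):
        return int(token, 16)     # 32-bit literal
    return token                  # string argument such as >>>AUTOIT NO CMDEXECUTE<<<


def parse_api_lines(text: str) -> list:
    """Turn a block of listing lines into ApiCall records; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [parse_arg(t) for t in raw.split(",")] if raw else []
        calls.append(ApiCall(
            api=m.group("api"), module=m.group("mod"), args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


def describe(call: ApiCall) -> str:
    """Short label for a call; MapVirtualKeyW gets its first argument named."""
    if call.api == "MapVirtualKeyW" and call.args and isinstance(call.args[0], int):
        return f"MapVirtualKeyW({VK_NAMES.get(call.args[0], hex(call.args[0]))})"
    return f"{call.api}[{call.module}]"


def call_sequence(calls: list) -> list:
    """Direct calls of the function, ordered by call-site address."""
    direct = sorted((c for c in calls if c.subcall_of is None), key=lambda c: c.ref)
    return [describe(c) for c in direct]


def subcall_keys(calls: list, parent: int) -> list:
    """Calls attributed to one subcall function, in listing order."""
    return [describe(c) for c in calls if c.subcall_of == parent]


# Copied from the record above (listing lines only).
SAMPLE = """
  • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AA1BF4
  • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AA1BFC
  • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AA1C07
  • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AA1C12
  • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AA1C1A
  • Part of subcall function 00AA1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AA1C22
  • Part of subcall function 00AA1B4A: RegisterWindowMessageW.USER32(00000004,?,00AA12C4), ref: 00AA1BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00AA136A
• OleInitialize.OLE32 ref: 00AA1388
• CloseHandle.KERNEL32(00000000,00000000), ref: 00AE24AB
"""

if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    print("direct:", call_sequence(parsed))
    print("via 00AA1BC3:", subcall_keys(parsed, 0x00AA1BC3))
```

Lines whose arguments the sandbox could not recover carry "?" and come back as None, so any later matching logic has to treat those positions as unknown rather than as zero.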
                                                                          APIs
                                                                          • SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000001,?,00000000), ref: 00AA556D
                                                                          • SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001), ref: 00AA557D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FilePointer
                                                                          • String ID:
                                                                          • API String ID: 973152223-0
                                                                          • Opcode ID: 4f20985d6497925ae4ad32c4daed4b33ab7e3f55c5bb66059470e18972c5716d
                                                                          • Instruction ID: d74db7ff4736b1f8e500ed313d0a3659c9c3404c61fed2c4122fb0d8312f2865
                                                                          • Opcode Fuzzy Hash: 4f20985d6497925ae4ad32c4daed4b33ab7e3f55c5bb66059470e18972c5716d
                                                                          • Instruction Fuzzy Hash: 63314D71E00A0AEFDB14CF68C880B99B7B6FB48714F148629E91597280D771FE94CB94
                                                                          APIs
                                                                            • Part of subcall function 00AA3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AA3A04
                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00B0C259
                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 00B0C261
                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B0C270
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                          • String ID:
                                                                          • API String ID: 3500052701-0
                                                                          • Opcode ID: 2492865125ab960ec294e186b5a6fd0bf3c0fe49880cf3f479d0056083f7818b
                                                                          • Instruction ID: b24c3d488a910d5185646ffd86d41bd41f7cfc608ba4ad45bbfe2c63ead61dfa
                                                                          • Opcode Fuzzy Hash: 2492865125ab960ec294e186b5a6fd0bf3c0fe49880cf3f479d0056083f7818b
                                                                          • Instruction Fuzzy Hash: 8E319371904344AFEB229FA48895BEBBFECAF06304F1044DEE5DAA7281C7745A84CB51
                                                                          APIs
                                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,00AD85CC,?,00B68CC8,0000000C), ref: 00AD8704
                                                                          • GetLastError.KERNEL32(?,00AD85CC,?,00B68CC8,0000000C), ref: 00AD870E
                                                                          • __dosmaperr.LIBCMT ref: 00AD8739
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                          • String ID:
                                                                          • API String ID: 2583163307-0
                                                                          • Opcode ID: a6ca98934e021c38785ca306c36c529d36a2cc6d3eb1aeaca82b3e6789af3521
                                                                          • Instruction ID: 7f29f3d6a3f8b9f90d643b5500d71dd3fb4e38d7051e2bb148b320ade98312f8
                                                                          • Opcode Fuzzy Hash: a6ca98934e021c38785ca306c36c529d36a2cc6d3eb1aeaca82b3e6789af3521
                                                                          • Instruction Fuzzy Hash: 82016D33E056602AD6247734A945B7E7B598B92B74F39011FF81B9F3D2DEB8CC819290
                                                                          APIs
                                                                          • TranslateMessage.USER32(?), ref: 00AADB7B
                                                                          • DispatchMessageW.USER32(?), ref: 00AADB89
                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AADB9F
                                                                          • Sleep.KERNEL32(0000000A), ref: 00AADBB1
                                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00AF1CC9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                          • String ID:
                                                                          • API String ID: 3288985973-0
                                                                          • Opcode ID: b8fed73eb1fc5f2bd50375ecd4bea0f54423873f4a27aa23bd886fdc347adeca
                                                                          • Instruction ID: 3ca273baf60c87397e1d7c14a48edceecf402defb06e31c982dd8582897a097d
                                                                          • Opcode Fuzzy Hash: b8fed73eb1fc5f2bd50375ecd4bea0f54423873f4a27aa23bd886fdc347adeca
                                                                          • Instruction Fuzzy Hash: 47F05E31644344DBE730CBA4CC49FEA77BCEB49310F104918F65A930C0DB30A8888B26
                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,00B12CD4,?,?,?,00000004,00000001), ref: 00B12FF2
                                                                          • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00B12CD4,?,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B13006
                                                                          • CloseHandle.KERNEL32(00000000,?,00B12CD4,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B1300D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: File$CloseCreateHandleTime
                                                                          • String ID:
                                                                          • API String ID: 3397143404-0
                                                                          • Opcode ID: 19f946fc115328531cf2995bfbae060d9333ac61dcd0fe98dcdd74481076c3a9
                                                                          • Instruction ID: 05b14bf4ff7330c7afcc80a7063a458893e18b1e6f7ee5b01b5d6596a34fefe3
                                                                          • Opcode Fuzzy Hash: 19f946fc115328531cf2995bfbae060d9333ac61dcd0fe98dcdd74481076c3a9
                                                                          • Instruction Fuzzy Hash: C2E0863228061077D2301795BC0DFCF3E5CD78AF71F204210F719760D04AA0590153A8
                                                                          APIs
                                                                          • __Init_thread_footer.LIBCMT ref: 00AB17F6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Init_thread_footer
                                                                          • String ID: CALL
                                                                          • API String ID: 1385522511-4196123274
                                                                          • Opcode ID: 0f85be9c625f1a48804448407b66346859ecc0580099c3f574d5345c5279faeb
                                                                          • Instruction ID: 560ebead766195665d5c8d34b91e5575aa9704b2068fc076f93ef5a2fe500a1e
                                                                          • Opcode Fuzzy Hash: 0f85be9c625f1a48804448407b66346859ecc0580099c3f574d5345c5279faeb
                                                                          • Instruction Fuzzy Hash: 51229D70608301DFC714DF14C5A0AAABBF9BF85314F688A5DF5968B3A2D731E845CB92
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00B16F6B
                                                                            • Part of subcall function 00AA4ECB: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4EFD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad_wcslen
                                                                          • String ID: >>>AUTOIT SCRIPT<<<
                                                                          • API String ID: 3312870042-2806939583
                                                                          • Opcode ID: 209a9fe49691439047aac8b558a81e9655a45795baabdcbf6258e0e6a9050826
                                                                          • Instruction ID: 1db5d5c0eb1b841c2188220d5746cc01351c6029cd31ea63c4bf80c7da0cb430
                                                                          • Opcode Fuzzy Hash: 209a9fe49691439047aac8b558a81e9655a45795baabdcbf6258e0e6a9050826
                                                                          • Instruction Fuzzy Hash: 3BB180315082019FCB14EF20C9919AFB7E5EF99310F54895DF496972A2EF30ED89CB92
                                                                          APIs
                                                                          • GetOpenFileNameW.COMDLG32(?), ref: 00AE2C8C
                                                                            • Part of subcall function 00AA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA3A97,?,?,00AA2E7F,?,?,?,00000000), ref: 00AA3AC2
                                                                            • Part of subcall function 00AA2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00AA2DC4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                          • String ID: X
                                                                          • API String ID: 779396738-3081909835
                                                                          • Opcode ID: 0803ef4439ec8bea52cd00fc473689ddececb4cc96e866101faaf8bec706c269
                                                                          • Instruction ID: a393f0f79a8c1b2ca6d93ac26e5edd9070953d08ba24f09558c748cab1af95dd
                                                                          • Opcode Fuzzy Hash: 0803ef4439ec8bea52cd00fc473689ddececb4cc96e866101faaf8bec706c269
                                                                          • Instruction Fuzzy Hash: A921A871A002989FDF01DF98C945BDE7BFC9F49304F104059E405B7281DFB859898FA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: __fread_nolock
                                                                          • String ID: EA06
                                                                          • API String ID: 2638373210-3962188686
                                                                          • Opcode ID: 918f04da0a775a877c578b6d5423f892c1bb212829f67503948ebc637b1d85b5
                                                                          • Instruction ID: fa2c6f4c1e6404344396a638957603a37e8cedfaa2b06432f9116c48c487781a
                                                                          • Opcode Fuzzy Hash: 918f04da0a775a877c578b6d5423f892c1bb212829f67503948ebc637b1d85b5
                                                                          • Instruction Fuzzy Hash: 0401B172944258BEDF28C7A8C856FEEBBF8DB15301F00459EE192D2181E5B8E6188B60
                                                                          APIs
                                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AA3908
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: IconNotifyShell_
                                                                          • String ID:
                                                                          • API String ID: 1144537725-0
                                                                          • Opcode ID: af61079d0a89008cf4aac54b97d98887acf5f81344ba228a2faa05bd36d10a92
                                                                          • Instruction ID: 5a57c159e7f44b8cc7016b5b309a4fd1d3c40c103adbb477350b5b9abc809609
                                                                          • Opcode Fuzzy Hash: af61079d0a89008cf4aac54b97d98887acf5f81344ba228a2faa05bd36d10a92
                                                                          • Instruction Fuzzy Hash: 2B319371504301DFD720DF68D88579BBBE8FB49708F10092EF59A97280EB75AA48CB52
                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00AA949C,?,00008000), ref: 00AA5773
                                                                          • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,?,?,00AA949C,?,00008000), ref: 00AE4052
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 082bb2c158dc4d6b9baae57ab33643bae7ba44a5edbe91fb4d8f3ceba1c6b7c9
                                                                          • Instruction ID: 0a0f8bcf17ed5149bc80bd501e6bbf6940c54cc34cc4005bed2f06973183546b
                                                                          • Opcode Fuzzy Hash: 082bb2c158dc4d6b9baae57ab33643bae7ba44a5edbe91fb4d8f3ceba1c6b7c9
                                                                          • Instruction Fuzzy Hash: 22018030545625B6E3310A6ACC0EF977F98EF067B0F108210BA9C6B1E0CBB45854DB94
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,00000002,?,?,?,?,00AA9879,?,?,?), ref: 00AA6E33
                                                                          • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?,?,?,00AA9879,?,?,?), ref: 00AA6E69
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide
                                                                          • String ID:
                                                                          • API String ID: 626452242-0
                                                                          • Opcode ID: 9bfa8da8a645a6f376c8f39598cb461149b98bdad3300e623e2b93f4391063cf
                                                                          • Instruction ID: f10d17e5c584b5823948ebf29c7fcfcc04c8deaeda7fa66fca492dc6b0749f99
                                                                          • Opcode Fuzzy Hash: 9bfa8da8a645a6f376c8f39598cb461149b98bdad3300e623e2b93f4391063cf
                                                                          • Instruction Fuzzy Hash: D001D4713002007FEB296BB99D0BF7F7AADDB85300F18003DB106EB1E1EA60AC009624
                                                                          APIs
                                                                          • CreateProcessW.KERNELBASE(?,00000000), ref: 0179ED6D
                                                                          • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0179ED91
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0179EDB3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 2438371351-0
                                                                          • Opcode ID: aa5ac5a3be62539e190cb66ef3a7ce968b32dbbeab3f01f3ced4961a16edbae6
                                                                          • Instruction ID: 2f4b19bcf6f3de54c5ec13019744175ac65df18f50bdcc7dd504774781034b96
                                                                          • Opcode Fuzzy Hash: aa5ac5a3be62539e190cb66ef3a7ce968b32dbbeab3f01f3ced4961a16edbae6
                                                                          • Instruction Fuzzy Hash: 3412DD24E24658C6EB24DF64D8507DEB232EF68300F1090E9D10DEB7A5E77A4F85CB5A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ProtectVirtual
                                                                          • String ID:
                                                                          • API String ID: 544645111-0
                                                                          • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                          • Instruction ID: f7cf4c0e8a82f5c67458d0953ad8326780d133e518f8cfcf0aa214bd9f28af50
                                                                          • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                          • Instruction Fuzzy Hash: DE31D375A00109DFC718CF59D880AA9FBB9FF4A304B2886A5E809CB656D731EDC1DBC0
                                                                          APIs
                                                                            • Part of subcall function 00AA4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AA4EDD,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E9C
                                                                            • Part of subcall function 00AA4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AA4EAE
                                                                            • Part of subcall function 00AA4E90: FreeLibrary.KERNEL32(00000000,?,?,00AA4EDD,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4EC0
                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4EFD
                                                                            • Part of subcall function 00AA4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AE3CDE,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E62
                                                                            • Part of subcall function 00AA4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AA4E74
                                                                            • Part of subcall function 00AA4E59: FreeLibrary.KERNEL32(00000000,?,?,00AE3CDE,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E87
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Library$Load$AddressFreeProc
                                                                          • String ID:
                                                                          • API String ID: 2632591731-0
                                                                          • Opcode ID: f63a4bb7e9e0fdba085bb8ff09691261110ae45a6d37ac392fd5d8a9c6b5d4a9
                                                                          • Instruction ID: a011fd08c387246729e229da90b94917d1b68460519b128888edc472467c7642
                                                                          • Opcode Fuzzy Hash: f63a4bb7e9e0fdba085bb8ff09691261110ae45a6d37ac392fd5d8a9c6b5d4a9
                                                                          • Instruction Fuzzy Hash: 5D11C432610205AECF24EB60DE06FAD77A59F89B10F20442DF552A71D1EFB0AA459750
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: __wsopen_s
                                                                          • String ID:
                                                                          • API String ID: 3347428461-0
                                                                          • Opcode ID: 2904d9ab450cf35374a0b7ce9bbee8bb7bfcb6f6ad0fd2bfc8c2394e5235def5
                                                                          • Instruction ID: 512ed111cadafb47f1db1dd8d4e36807a919b9cb760d1b07d081b143d4dc10b7
                                                                          • Opcode Fuzzy Hash: 2904d9ab450cf35374a0b7ce9bbee8bb7bfcb6f6ad0fd2bfc8c2394e5235def5
                                                                          • Instruction Fuzzy Hash: 7C1118B590410AAFCB05DF58E941A9B7BF5FF48314F10405AF809AB312DB31EA11CBA5
                                                                          APIs
                                                                          • ReadFile.KERNELBASE(?,?,00010000,00000000,00000000,?,?,00000000,?,00AA543F,?,00010000,00000000,00000000,00000000,00000000), ref: 00AA9A9C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 22b3b34d17319f13d7d283c7e070d049d91215321d9ece3497c178813e2ffc6d
                                                                          • Instruction ID: 072e594d6f4e4cc959ea7b79c3281178d8b394293b9a1913bc5fdabce775b5f0
                                                                          • Opcode Fuzzy Hash: 22b3b34d17319f13d7d283c7e070d049d91215321d9ece3497c178813e2ffc6d
                                                                          • Instruction Fuzzy Hash: 1A114C31204B059FD720CF15C880B67B7F9EF45794F10C42EE59B87691C770A946CB60
                                                                          APIs
                                                                            • Part of subcall function 00AD4C7D: RtlAllocateHeap.NTDLL(00000008,00AA1129,00000000,?,00AD2E29,00000001,00000364,?,?,?,00ACF2DE,00AD3863,00B71444,?,00ABFDF5,?), ref: 00AD4CBE
                                                                          • _free.LIBCMT ref: 00AD506C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap_free
                                                                          • String ID:
                                                                          • API String ID: 614378929-0
                                                                          • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                          • Instruction ID: ace1fd19c36672916289d1f3497af005be5610ea35cd03c9d0b7fd276f115f70
                                                                          • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                          • Instruction Fuzzy Hash: 3E0149726047046FE3318F65D881A5AFBECFB89370F25052EE195833C0EA30A905C7B4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                          • Instruction ID: 1f7b490ba3b0063032b5f82e03b915a5691d48fff2b89119b367ca7ff1b3f61a
                                                                          • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                          • Instruction Fuzzy Hash: 8CF02836521A109BDB317B798E05F5A339D9F62330F12072EF422933D2DB74E801C6A5
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000008,00AA1129,00000000,?,00AD2E29,00000001,00000364,?,?,?,00ACF2DE,00AD3863,00B71444,?,00ABFDF5,?), ref: 00AD4CBE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: e5acffb16ad0fc1674fc8cd5884b1a9c3809ffb640bca531fe67399ada1bfdb2
                                                                          • Instruction ID: 48b112820dca905fd163365bd14f52b86c477a2bb86deb8ece5940bdbdbcf06d
                                                                          • Opcode Fuzzy Hash: e5acffb16ad0fc1674fc8cd5884b1a9c3809ffb640bca531fe67399ada1bfdb2
                                                                          • Instruction Fuzzy Hash: 86F0593122732067DB201F629D09F5A3798BF487A0B164117F80BBB380CF30D80082E0
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00B71444,?,00ABFDF5,?,?,00AAA976,00000010,00B71440,00AA13FC,?,00AA13C6,?,00AA1129), ref: 00AD3852
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: 02a59980d54daa772649952d26e59eb9939b4fd1aaa02a15ec1b535c4ddf1b9f
                                                                          • Instruction ID: d95c1bf2f30061fdba0e9581b43327a6ab11306040d0b2b272a16afe34cf05cd
                                                                          • Opcode Fuzzy Hash: 02a59980d54daa772649952d26e59eb9939b4fd1aaa02a15ec1b535c4ddf1b9f
                                                                          • Instruction Fuzzy Hash: A2E0E53310232466DE212B779D00F9E3A5AAB427B0F1A0026BC16A7680CB50DD01A2E6
                                                                          APIs
                                                                          • FreeLibrary.KERNEL32(?,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4F6D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FreeLibrary
                                                                          • String ID:
                                                                          • API String ID: 3664257935-0
                                                                          • Opcode ID: 62dbaa770aba568e65594cd8507332c9e16d0ed0862219df8dc395cf447ee7f6
                                                                          • Instruction ID: 0af576f77ab49cb0ca65c8fad3febba864abec81fe9a77e4b9dab050167ed0b0
                                                                          • Opcode Fuzzy Hash: 62dbaa770aba568e65594cd8507332c9e16d0ed0862219df8dc395cf447ee7f6
                                                                          • Instruction Fuzzy Hash: 58F0A971105742CFDB348F60D49082ABBF0AF4A729320997EF1EA83660CBB19844EF00
                                                                          APIs
                                                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00AA2DC4
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LongNamePath_wcslen
                                                                          • String ID:
                                                                          • API String ID: 541455249-0
                                                                          • Opcode ID: 0304fb3f1243d61acbcbbb5ef5c30d29157a5944f4d36d6b90d5663dd75f4aa7
                                                                          • Instruction ID: 0f12487396f2dd49e446c5e2068aa6609beacb7d7ccfa67f12f92c9c3834ed18
                                                                          • Opcode Fuzzy Hash: 0304fb3f1243d61acbcbbb5ef5c30d29157a5944f4d36d6b90d5663dd75f4aa7
                                                                          • Instruction Fuzzy Hash: ACE0CD726001345BC711A6989D05FDE77DDDFC8790F040075FD09E7248DA70AD808690
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: __fread_nolock
                                                                          • String ID:
                                                                          • API String ID: 2638373210-0
                                                                          • Opcode ID: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                                                          • Instruction ID: 01e20f1c79c26f656a4e70b6642a1e9b55d44abafbcce845997ef510fe97fe22
                                                                          • Opcode Fuzzy Hash: 62c4ae1466583100269b95fce18df2779376e23d7999e61a0ae1b5108404e028
                                                                          • Instruction Fuzzy Hash: 25E04FB1609B005FDF399B28A951BF677E8DF49300F00086EF69B82352E57268958A4D
                                                                          APIs
                                                                            • Part of subcall function 00AA3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AA3908
                                                                            • Part of subcall function 00AAD730: GetInputState.USER32 ref: 00AAD807
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00AA2B6B
                                                                            • Part of subcall function 00AA30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AA314E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                          • String ID:
                                                                          • API String ID: 3667716007-0
                                                                          • Opcode ID: 5b81433ea82f4931cea7892f28a777a274267a1d1674c3e63fbee0a7920df2a2
                                                                          • Instruction ID: 09f06f76b701bfd95d8532b54dfd5957c4a7cd491054203a4d25a23fde954852
                                                                          • Opcode Fuzzy Hash: 5b81433ea82f4931cea7892f28a777a274267a1d1674c3e63fbee0a7920df2a2
                                                                          • Instruction Fuzzy Hash: 9DE0262330020407CA08BB78A91257DA7498BD7351F00087EF147432E2CF2445454322
                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00AE0704,?,?,00000000,?,00AE0704,00000000,0000000C), ref: 00AE03B7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 908829b0fb1578d54401bbf33ee1720c5b4b01424c425976315b94ec59f1af7c
                                                                          • Instruction ID: f845c86e8c1934b12e96035688e35e3916f09f8a69d03b5201df9c8c3128ef4b
                                                                          • Opcode Fuzzy Hash: 908829b0fb1578d54401bbf33ee1720c5b4b01424c425976315b94ec59f1af7c
                                                                          • Instruction Fuzzy Hash: 07D06C3204010DBBDF028F84DD06EDA3FAAFB48714F114000BE1866020C732E821AB90
                                                                          APIs
                                                                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00AA1CBC
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: InfoParametersSystem
                                                                          • String ID:
                                                                          • API String ID: 3098949447-0
                                                                          • Opcode ID: 01e04103b0430eb3caf0b9a53bff138f0434bec4598adbbc6bf810ef060ad66e
                                                                          • Instruction ID: 8720f885e7cd71d50e61e5c20b9157f88388f31130a3ee6091befd761ad90927
                                                                          • Opcode Fuzzy Hash: 01e04103b0430eb3caf0b9a53bff138f0434bec4598adbbc6bf810ef060ad66e
                                                                          • Instruction Fuzzy Hash: A4C09B36280304EFF31447D4BC4BF147754A358B00F154401F64D675E3CBA11450D764
                                                                          APIs
                                                                            • Part of subcall function 00AA5745: CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00AA949C,?,00008000), ref: 00AA5773
                                                                          • GetLastError.KERNEL32(00000002,00000000), ref: 00B176DE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateErrorFileLast
                                                                          • String ID:
                                                                          • API String ID: 1214770103-0
                                                                          • Opcode ID: 7a3c9aa65ef2be407084b846739d6b19ce523eaf7b89a2b94c42a19ea11dd503
                                                                          • Instruction ID: eeeb051f4688a164fd30bd776a3d4134ac474e71d82ae39c992fefeb6d2082dd
                                                                          • Opcode Fuzzy Hash: 7a3c9aa65ef2be407084b846739d6b19ce523eaf7b89a2b94c42a19ea11dd503
                                                                          • Instruction Fuzzy Hash: D381A0306087019FCB14EF28C591AAAB7F1EF89350F44459DF8865B2D2DB30ED85CB52
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000001F4), ref: 0179F551
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                          • Instruction ID: cdf2fa76587d09f18ef67af856bef3843dcf05287078143e9641c46bea62f418
                                                                          • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                          • Instruction Fuzzy Hash: D7E09A7494010DAFDB00EFA4D54969E7BB4EF04302F1005A1FD05D6681DA319A548A62
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000001F4), ref: 0179F551
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID:
                                                                          • API String ID: 3472027048-0
                                                                          • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                          • Instruction ID: 5a25f6f0f04d522862e6fe8931336e6848597ae9edc6f577212c4f873d6f9947
                                                                          • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                          • Instruction Fuzzy Hash: C9E0E67494010DDFDB00EFB4D54D69E7FB4EF04302F100161FD01D2281D6319E50CA62
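The two Sleep(0x1F4) entries above are the only functions in this listing whose "Source File" the report marks "based on PE: false": they were dumped from the region at 0179D000, not from the rTTSWIFTCOPIES.exe image mapped at 00AA0000. Code executing from a non-image region is the detail an analyst pulls out of a listing like this, since it is where unpacked or injected payload code normally lives. The following is an added example, not part of the Joe Sandbox report: it parses the "APIs" and "Memory Dump Source" lines in the form shown on this page and flags API calls made from memory that is not a mapped PE. The only signal the report states outright is the "based on PE" flag; the example additionally ASSUMES that the fifth and seventh dot-separated fields of the .sdmp name (00000040 and 00020000 for the 0179D000 region, 00000020 and 01000000 for the image) are the region's Protect and Type values as VirtualQuery reports them, which is an interpretation, not something the report documents. The sample input is constructed from lines on this page.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constants from winnt.h used to decode two fields of the .sdmp file name.
# ASSUMPTION (not stated by the report): the 5th dotted field is the region's
# Protect value and the 7th is its Type, as returned by VirtualQuery.
EXECUTABLE_PROTECTIONS = {0x10, 0x20, 0x40, 0x80}   # PAGE_EXECUTE*
PAGE_EXECUTE_READWRITE = 0x40
MEM_IMAGE = 0x1000000
MEM_PRIVATE = 0x20000

# One "• Api.MODULE(args), ref: ADDR" line, with or without the
# "Part of subcall function XXXX:" prefix and with or without an argument list.
API_RE = re.compile(
    r"(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)
# The "Source File:" line: pid.stage.id.base.<prot>.<x>.<type>.<n>.sdmp, Offset, PE flag.
SRC_RE = re.compile(
    r"Source File:\s*\d+\.\d+\.\d+\.[0-9A-F]+\.(?P<prot>[0-9A-F]+)\.[0-9A-F]+\."
    r"(?P<type>[0-9A-F]+)\.[0-9A-F]+\.sdmp,\s*Offset:\s*(?P<off>[0-9A-F]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int                       # address of the call site
    subcall_of: int | None = None  # set for "Part of subcall function" lines


@dataclass
class FunctionEntry:
    calls: list[ApiCall] = field(default_factory=list)
    region_base: int | None = None
    protect: int | None = None
    mem_type: int | None = None
    based_on_pe: bool | None = None


def parse_listing(text: str) -> list[FunctionEntry]:
    """Split the report's 'APIs' / 'Memory Dump Source' listing into one entry per function."""
    entries: list[FunctionEntry] = []
    cur: FunctionEntry | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                 # every function block starts with this header
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            cur.calls.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                                     int(m["sub"], 16) if m["sub"] else None))
            continue
        m = SRC_RE.search(line)
        if m and cur.region_base is None:  # first "Source File" = region the function lives in
            cur.region_base = int(m["off"], 16)
            cur.protect = int(m["prot"], 16)
            cur.mem_type = int(m["type"], 16)
            cur.based_on_pe = m["pe"] == "true"
    return entries


def flag_non_image_code(entries: list[FunctionEntry]) -> list[tuple[str, str, str]]:
    """Return (api, call site, reason) for direct calls made from memory that is not a mapped PE image."""
    findings = []
    for e in entries:
        reasons = []
        if e.based_on_pe is False:
            reasons.append("dump not based on a PE")
        if e.mem_type is not None and e.mem_type != MEM_IMAGE and e.protect in EXECUTABLE_PROTECTIONS:
            reasons.append(f"executable non-image region (type=0x{e.mem_type:X}, protect=0x{e.protect:X})")
        for c in e.calls:
            if reasons and c.subcall_of is None:
                findings.append((c.api, f"{c.ref:08X}", "; ".join(reasons)))
    return findings


# Constructed sample in the shape of this report's listing: one heap call from the
# image at 00AA0000 and the Sleep(0x1F4) call from the private region at 0179D000.
SAMPLE = """\
APIs
• RtlAllocateHeap.NTDLL(00000008,00AA1129,00000000,?,00AD2E29), ref: 00AD4CBE
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
APIs
• Sleep.KERNELBASE(000001F4), ref: 0179F551
Memory Dump Source
• Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
APIs
  • Part of subcall function 00AA5745: CreateFileW.KERNELBASE(?,80000000,00000007), ref: 00AA5773
• GetLastError.KERNEL32(00000002,00000000), ref: 00B176DE
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
"""

if __name__ == "__main__":
    for api, site, why in flag_non_image_code(parse_listing(SAMPLE)):
        print(f"{api} @ {site}: {why}")
```

Run against the sample, only the Sleep call at 0179F551 is reported; the heap and file calls from the 00AA0000 image are not. "Part of subcall function" lines are parsed but excluded from findings because their call site belongs to the callee, which the report lists separately with its own region. If the field interpretation of the .sdmp name turns out to be wrong for a given report version, the "based on PE" check still stands on its own, since the report states that flag explicitly.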
                                                                          APIs
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B3961A
                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B3965B
                                                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B3969F
                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B396C9
                                                                          • SendMessageW.USER32 ref: 00B396F2
                                                                          • GetKeyState.USER32(00000011), ref: 00B3978B
                                                                          • GetKeyState.USER32(00000009), ref: 00B39798
                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B397AE
                                                                          • GetKeyState.USER32(00000010), ref: 00B397B8
                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B397E9
                                                                          • SendMessageW.USER32 ref: 00B39810
                                                                          • SendMessageW.USER32(?,00001030,?,00B37E95), ref: 00B39918
                                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B3992E
                                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B39941
                                                                          • SetCapture.USER32(?), ref: 00B3994A
                                                                          • ClientToScreen.USER32(?,?), ref: 00B399AF
                                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B399BC
                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B399D6
                                                                          • ReleaseCapture.USER32 ref: 00B399E1
                                                                          • GetCursorPos.USER32(?), ref: 00B39A19
                                                                          • ScreenToClient.USER32(?,?), ref: 00B39A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00B39A80
• SendMessageW.USER32 ref: 00B39AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00B39AEB
• SendMessageW.USER32 ref: 00B39B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B39B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B39B4A
• GetCursorPos.USER32(?), ref: 00B39B68
• ScreenToClient.USER32(?,?), ref: 00B39B75
• GetParent.USER32(?), ref: 00B39B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00B39BFA
• SendMessageW.USER32 ref: 00B39C2B
• ClientToScreen.USER32(?,?), ref: 00B39C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B39CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00B39CDE
• SendMessageW.USER32 ref: 00B39D01
• ClientToScreen.USER32(?,?), ref: 00B39D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B39D82
  • Part of subcall function 00AB9944: GetWindowLongW.USER32(?,000000EB), ref: 00AB9952
• GetWindowLongW.USER32(?,000000F0), ref: 00B39E05
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B348F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00B34908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00B34927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00B3494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00B3495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00B3497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00B349AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00B349D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00B34A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B34A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B34A7E
• IsMenu.USER32(?), ref: 00B34A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B34AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B34B20
• GetWindowLongW.USER32(?,000000F0), ref: 00B34B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00B34BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00B34C82
• wsprintfW.USER32 ref: 00B34CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B34CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00B34CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B34D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B34D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00B34D5A
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00ABF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AFF474
• IsIconic.USER32(00000000), ref: 00AFF47D
• ShowWindow.USER32(00000000,00000009), ref: 00AFF48A
• SetForegroundWindow.USER32(00000000), ref: 00AFF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00AFF4AA
• GetCurrentThreadId.KERNEL32 ref: 00AFF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00AFF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00AFF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00AFF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00AFF4DE
• SetForegroundWindow.USER32(00000000), ref: 00AFF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00AFF4F6
• keybd_event.USER32(00000012,00000000), ref: 00AFF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00AFF50B
• keybd_event.USER32(00000012,00000000), ref: 00AFF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00AFF519
• keybd_event.USER32(00000012,00000000), ref: 00AFF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00AFF528
• keybd_event.USER32(00000012,00000000), ref: 00AFF52D
• SetForegroundWindow.USER32(00000000), ref: 00AFF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00AFF557
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
APIs
  • Part of subcall function 00B016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B0170D
  • Part of subcall function 00B016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B0173A
  • Part of subcall function 00B016C3: GetLastError.KERNEL32 ref: 00B0174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00B01286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00B012A8
• CloseHandle.KERNEL32(?), ref: 00B012B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B012D1
• GetProcessWindowStation.USER32 ref: 00B012EA
• SetProcessWindowStation.USER32(00000000), ref: 00B012F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B01310
  • Part of subcall function 00B010BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B011FC), ref: 00B010D4
  • Part of subcall function 00B010BF: CloseHandle.KERNEL32(?,?,00B011FC), ref: 00B010E9
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
APIs
  • Part of subcall function 00B010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B01114
  • Part of subcall function 00B010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B01120
  • Part of subcall function 00B010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B0112F
  • Part of subcall function 00B010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B01136
  • Part of subcall function 00B010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B0114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B00BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B00C00
• GetLengthSid.ADVAPI32(?), ref: 00B00C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00B00C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B00C6D
• GetLengthSid.ADVAPI32(?), ref: 00B00C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B00C8C
• HeapAlloc.KERNEL32(00000000), ref: 00B00C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B00CB4
• CopySid.ADVAPI32(00000000), ref: 00B00CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B00CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B00D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B00D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B00D45
• HeapFree.KERNEL32(00000000), ref: 00B00D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B00D55
• HeapFree.KERNEL32(00000000), ref: 00B00D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B00D65
• HeapFree.KERNEL32(00000000), ref: 00B00D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00B00D78
• HeapFree.KERNEL32(00000000), ref: 00B00D7F
  • Part of subcall function 00B01193: GetProcessHeap.KERNEL32(00000008,00B00BB1,?,00000000,?,00B00BB1,?), ref: 00B011A1
  • Part of subcall function 00B01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B00BB1,?), ref: 00B011A8
  • Part of subcall function 00B01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B00BB1,?), ref: 00B011B7
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
APIs
• OpenClipboard.USER32(00B3CC08), ref: 00B1EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 00B1EB37
• GetClipboardData.USER32(0000000D), ref: 00B1EB43
• CloseClipboard.USER32 ref: 00B1EB4F
• GlobalLock.KERNEL32(00000000), ref: 00B1EB87
• CloseClipboard.USER32 ref: 00B1EB91
• GlobalUnlock.KERNEL32(00000000), ref: 00B1EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 00B1EBC9
• GetClipboardData.USER32(00000001), ref: 00B1EBD1
• GlobalLock.KERNEL32(00000000), ref: 00B1EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 00B1EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 00B1EC38
• GetClipboardData.USER32(0000000F), ref: 00B1EC44
• GlobalLock.KERNEL32(00000000), ref: 00B1EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00B1EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B1EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B1ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 00B1ECF3
• CountClipboardFormats.USER32 ref: 00B1ED14
• CloseClipboard.USER32 ref: 00B1ED59
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B169BE
• FindClose.KERNEL32(00000000), ref: 00B16A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B16A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B16A75
  • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00B16AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00B16ADF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                          • API String ID: 3830820486-3289030164
                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00B19663
                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00B196A1
                                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 00B196BB
                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00B196D3
                                                                          • FindClose.KERNEL32(00000000), ref: 00B196DE
                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00B196FA
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B1974A
                                                                          • SetCurrentDirectoryW.KERNEL32(00B66B7C), ref: 00B19768
                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B19772
                                                                          • FindClose.KERNEL32(00000000), ref: 00B1977F
                                                                          • FindClose.KERNEL32(00000000), ref: 00B1978F
                                                                          Similarity
                                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                          • String ID: *.*
                                                                          • API String ID: 1409584000-438819550
                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00B197BE
                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00B19819
                                                                          • FindClose.KERNEL32(00000000), ref: 00B19824
                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00B19840
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B19890
                                                                          • SetCurrentDirectoryW.KERNEL32(00B66B7C), ref: 00B198AE
                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B198B8
                                                                          • FindClose.KERNEL32(00000000), ref: 00B198C5
                                                                          • FindClose.KERNEL32(00000000), ref: 00B198D5
                                                                            • Part of subcall function 00B0DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00B0DB00
                                                                          Similarity
                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                          • String ID: *.*
                                                                          • API String ID: 2640511053-438819550
                                                                          APIs
                                                                          • GetLocalTime.KERNEL32(?), ref: 00B18257
                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B18267
                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B18273
                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B18310
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B18324
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B18356
                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B1838C
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B18395
                                                                          Similarity
                                                                          • API ID: CurrentDirectoryTime$File$Local$System
                                                                          • String ID: *.*
                                                                          • API String ID: 1464919966-438819550
                                                                          APIs
                                                                            • Part of subcall function 00AA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA3A97,?,?,00AA2E7F,?,?,?,00000000), ref: 00AA3AC2
                                                                            • Part of subcall function 00B0E199: GetFileAttributesW.KERNEL32(?,00B0CF95), ref: 00B0E19A
                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00B0D122
                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00B0D1DD
                                                                          • MoveFileW.KERNEL32(?,?), ref: 00B0D1F0
                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B0D20D
                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B0D237
                                                                            • Part of subcall function 00B0D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00B0D21C,?,?), ref: 00B0D2B2
                                                                          • FindClose.KERNEL32(00000000,?,?,?), ref: 00B0D253
                                                                          • FindClose.KERNEL32(00000000), ref: 00B0D264
                                                                          Similarity
                                                                          • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                          • String ID: \*.*
                                                                          • API String ID: 1946585618-1173974218
                                                                          Similarity
                                                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                          • String ID:
                                                                          • API String ID: 1737998785-0
                                                                          APIs
                                                                            • Part of subcall function 00B016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B0170D
                                                                            • Part of subcall function 00B016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B0173A
                                                                            • Part of subcall function 00B016C3: GetLastError.KERNEL32 ref: 00B0174A
                                                                          • ExitWindowsEx.USER32(?,00000000), ref: 00B0E932
                                                                          Similarity
                                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                          • String ID: $ $@$SeShutdownPrivilege
                                                                          • API String ID: 2234035333-3163812486
                                                                          APIs
                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B21276
                                                                          • WSAGetLastError.WSOCK32 ref: 00B21283
                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 00B212BA
                                                                          • WSAGetLastError.WSOCK32 ref: 00B212C5
                                                                          • closesocket.WSOCK32(00000000), ref: 00B212F4
                                                                          • listen.WSOCK32(00000000,00000005), ref: 00B21303
                                                                          • WSAGetLastError.WSOCK32 ref: 00B2130D
                                                                          • closesocket.WSOCK32(00000000), ref: 00B2133C
                                                                          Similarity
                                                                          • API ID: ErrorLast$closesocket$bindlistensocket
                                                                          • String ID:
                                                                          • API String ID: 540024437-0
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00ADB9D4
                                                                          • _free.LIBCMT ref: 00ADB9F8
                                                                          • _free.LIBCMT ref: 00ADBB7F
                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B43700), ref: 00ADBB91
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00B7121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00ADBC09
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00B71270,000000FF,?,0000003F,00000000,?), ref: 00ADBC36
                                                                          • _free.LIBCMT ref: 00ADBD4B
                                                                          Similarity
                                                                          • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                          • String ID:
                                                                          • API String ID: 314583886-0
                                                                          APIs
                                                                            • Part of subcall function 00AA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA3A97,?,?,00AA2E7F,?,?,?,00000000), ref: 00AA3AC2
                                                                            • Part of subcall function 00B0E199: GetFileAttributesW.KERNEL32(?,00B0CF95), ref: 00B0E19A
                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00B0D420
                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B0D470
                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B0D481
                                                                          • FindClose.KERNEL32(00000000), ref: 00B0D498
                                                                          • FindClose.KERNEL32(00000000), ref: 00B0D4A1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                          • String ID: \*.*
                                                                          • API String ID: 2649000838-1173974218
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: __floor_pentium4
                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                          • API String ID: 4168288129-2761157908
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00B164DC
                                                                          • CoInitialize.OLE32(00000000), ref: 00B16639
                                                                          • CoCreateInstance.OLE32(00B3FCF8,00000000,00000001,00B3FB68,?), ref: 00B16650
                                                                          • CoUninitialize.OLE32 ref: 00B168D4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                          • String ID: .lnk
                                                                          • API String ID: 886957087-24824748
                                                                          APIs
                                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 00B222E8
                                                                            • Part of subcall function 00B1E4EC: GetWindowRect.USER32(?,?), ref: 00B1E504
                                                                          • GetDesktopWindow.USER32 ref: 00B22312
                                                                          • GetWindowRect.USER32(00000000), ref: 00B22319
                                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B22355
                                                                          • GetCursorPos.USER32(?), ref: 00B22381
                                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B223DF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                          • String ID:
                                                                          • API String ID: 2387181109-0
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00B19B78
                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00B19C8B
                                                                            • Part of subcall function 00B13874: GetInputState.USER32 ref: 00B138CB
                                                                            • Part of subcall function 00B13874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B13966
                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00B19BA8
                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00B19C75
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                          • String ID: *.*
                                                                          • API String ID: 1972594611-438819550
                                                                          APIs
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 00AB9A4E
                                                                          • GetSysColor.USER32(0000000F), ref: 00AB9B23
                                                                          • SetBkColor.GDI32(?,00000000), ref: 00AB9B36
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Color$LongProcWindow
                                                                          • String ID:
                                                                          • API String ID: 3131106179-0
                                                                          APIs
                                                                            • Part of subcall function 00B2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B2307A
                                                                            • Part of subcall function 00B2304E: _wcslen.LIBCMT ref: 00B2309B
                                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B2185D
                                                                          • WSAGetLastError.WSOCK32 ref: 00B21884
                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 00B218DB
                                                                          • WSAGetLastError.WSOCK32 ref: 00B218E6
                                                                          • closesocket.WSOCK32(00000000), ref: 00B21915
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                          • String ID:
                                                                          • API String ID: 1601658205-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                          • String ID:
                                                                          • API String ID: 292994002-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                          • API String ID: 0-1546025612
                                                                          APIs
                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00B2A6AC
                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00B2A6BA
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00B2A79C
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B2A7AB
                                                                            • Part of subcall function 00ABCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00AE3303,?), ref: 00ABCE8A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                          • String ID:
                                                                          • API String ID: 1991900642-0
                                                                          APIs
                                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00B0AAAC
                                                                          • SetKeyboardState.USER32(00000080), ref: 00B0AAC8
                                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00B0AB36
                                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00B0AB88
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 09ffb8080a511815850543bc3c08538fd7115645043d84c36b2c886d854179cf
• Instruction ID: 7e6cc47a851bda0a7eed12a27dee2d2ae4f69bc022c5306c75770af0c5275e0e
• Opcode Fuzzy Hash: 09ffb8080a511815850543bc3c08538fd7115645043d84c36b2c886d854179cf
• Instruction Fuzzy Hash: 2C311431A40308AEFB359B68CC45BFA7FE6EB44310F144A9AF581A61E1D774C985C762
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00B1CE89
• GetLastError.KERNEL32(?,00000000), ref: 00B1CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 00B1CEFE
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 653b53e7efa8115d96c000b6772f51d13ea61761cd7b59236b088e5b74358069
• Instruction ID: cfff0e00f2ef54ebbfc1b09d1eb39fae21866be3dfd4b0df094cde30bc0d6dd6
• Opcode Fuzzy Hash: 653b53e7efa8115d96c000b6772f51d13ea61761cd7b59236b088e5b74358069
• Instruction Fuzzy Hash: 8A21C172540305DBD730CFA5C988BABBBFCEB00314F60446EE546E2151EB74ED898B54
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00B082AA
Strings
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: 64eb93e6e1579859f813b42302593dbe2800b180f530e25014721f36848197ba
• Instruction ID: 105ee55e0de752400932f6f22df6ee6f13aac752844acd5d05f1f56ad03253dc
• Opcode Fuzzy Hash: 64eb93e6e1579859f813b42302593dbe2800b180f530e25014721f36848197ba
• Instruction Fuzzy Hash: 08323775A007059FC728CF59C481A6ABBF1FF48710B15C5AEE49ADB3A1EB70EA41CB44
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B15CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00B15D17
• FindClose.KERNEL32(?), ref: 00B15D5F
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: 68d0153623c88448c3bf3cc72f846713ec5ccbca7a21ef20fd91ddd308b3c146
• Instruction ID: 13e6c1796433518b073a9bc834e626e499c7a9e9436bca8fb1b42576154eb187
• Opcode Fuzzy Hash: 68d0153623c88448c3bf3cc72f846713ec5ccbca7a21ef20fd91ddd308b3c146
• Instruction Fuzzy Hash: 37517A74604601DFC724DF28D494E9ABBE4FF4A324F5485ADE95A8B3A1CB30ED84CB91
APIs
• IsDebuggerPresent.KERNEL32 ref: 00AD271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00AD2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00AD2731
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 96a24f996bc7f5468e8ae30a63e771211c22b323391fd67f8ba817c91b44da45
• Instruction ID: 4894874997a0fdd0a11726a14ca612397caa6a68e3b83767bf1f5c21255744d4
• Opcode Fuzzy Hash: 96a24f996bc7f5468e8ae30a63e771211c22b323391fd67f8ba817c91b44da45
• Instruction Fuzzy Hash: CF31D67590121CABCB21DF64DD88BDDBBB8AF18310F5041EAE81CA7260EB349F818F44
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00B151DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00B15238
• SetErrorMode.KERNEL32(00000000), ref: 00B152A1
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 2fe8545d820e712b39501263115ef9524de6010a4867824a9cc0f6c0487571a9
• Instruction ID: 8e40239f9f605685a6cf532627f538aaddedec97fba263a988bcf6a65f0b83da
• Opcode Fuzzy Hash: 2fe8545d820e712b39501263115ef9524de6010a4867824a9cc0f6c0487571a9
• Instruction Fuzzy Hash: 0F315E75A00618DFDB00DF94D884EAEBBF4FF49314F548099E805AB3A2DB31E855CB90
APIs
  • Part of subcall function 00ABFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AC0668
  • Part of subcall function 00ABFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00AC0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B0170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B0173A
• GetLastError.KERNEL32 ref: 00B0174A
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: bcba0b677c082d6035053470e8ba1bce8b5350bb5e76ef1553c928ab97c837ff
• Instruction ID: 530f086f7edc64d87d0b71c22aef63f31e40f14405a6cd79c5b2f4a12ebc183e
• Opcode Fuzzy Hash: bcba0b677c082d6035053470e8ba1bce8b5350bb5e76ef1553c928ab97c837ff
• Instruction Fuzzy Hash: 07119EB2504304AFD718AF58DDC6DAABBFDEB44714B24856EE05657281EB70FC418B24
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00B0D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00B0D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00B0D650
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: b81a306616d80905d28b9de3971580c0745d76dedb1c49eff5e0c034c1823eab
• Instruction ID: 2be3cf4d533abf26f3d1ceffd202dd0c8270e3822ea231d0506079c3c56fabb8
• Opcode Fuzzy Hash: b81a306616d80905d28b9de3971580c0745d76dedb1c49eff5e0c034c1823eab
• Instruction Fuzzy Hash: 64113C75E05228BFDB108F959C45FAFBFBCEB45B50F108155F904F7290D6704A058BA1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00B0168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00B016A1
• FreeSid.ADVAPI32(?), ref: 00B016B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: d6584c164b1cbed5792b9aabc556469955ff9567b3809941f901b7667cd82db1
• Instruction ID: 1cf6db109a0d0aea3987522bbaa298f0969b03f98ba20ced62f9295ee7eda7a4
• Opcode Fuzzy Hash: d6584c164b1cbed5792b9aabc556469955ff9567b3809941f901b7667cd82db1
• Instruction Fuzzy Hash: 6EF0F47195030DFBDB00DFE49D89AAEBBBCEB08704F5049A5E501E2181E774AA448B50
APIs
• GetCurrentProcess.KERNEL32(00AD28E9,?,00AC4CBE,00AD28E9,00B688B8,0000000C,00AC4E15,00AD28E9,00000002,00000000,?,00AD28E9), ref: 00AC4D09
• TerminateProcess.KERNEL32(00000000,?,00AC4CBE,00AD28E9,00B688B8,0000000C,00AC4E15,00AD28E9,00000002,00000000,?,00AD28E9), ref: 00AC4D10
• ExitProcess.KERNEL32 ref: 00AC4D22
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 1642c343c5e8f1c386ce92e5d0afebaa863319d028bd379b00f53d273f543884
• Instruction ID: e9850dca7bf09943b4543370d02be70df7c3c45f1fe902fd89bcf49c075c4bc7
• Opcode Fuzzy Hash: 1642c343c5e8f1c386ce92e5d0afebaa863319d028bd379b00f53d273f543884
• Instruction Fuzzy Hash: 2AE0B631000548AFCF12BFA4DE1AF993F69EB45791B214418FC06AB222CB35DD52DB88
Strings
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: fa9223fec98cd234201c5cc3f6566e086de183c366bc2a8dc9953efcc7f5f419
• Instruction ID: 24cb22d9d516a7e509840e93b267567fd68bd9b4fe753b57903714ff06eaf152
• Opcode Fuzzy Hash: fa9223fec98cd234201c5cc3f6566e086de183c366bc2a8dc9953efcc7f5f419
• Instruction Fuzzy Hash: 76413B7650021A6FCB24AFB9CC4DEFBB778EB84724F50426AF916DB280E6709D41CB50
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00AFD28C
Strings
                                                                          Similarity
                                                                          • API ID: NameUser
                                                                          • String ID: X64
                                                                          • API String ID: 2645101109-893830106
                                                                          • Opcode ID: f7e6d15a7ca0b64520f722759b43a7fcdd4027e2f2f76f2de29dabd7675f71c9
                                                                          • Instruction ID: f70148f062015951dd541a957f27c0c569963e3cb3a471bf0a3736578b515e6b
                                                                          • Opcode Fuzzy Hash: f7e6d15a7ca0b64520f722759b43a7fcdd4027e2f2f76f2de29dabd7675f71c9
                                                                          • Instruction Fuzzy Hash: F2D0C9B480111DEACB94DB90DC88DDDB77CBB04305F200151F106A2000DB3096488F10
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                          • Instruction ID: 97fbe2640c45908b6c2dcf7f344587accccfcbd519f866ca847d1e2fba3bab17
                                                                          • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                          • Instruction Fuzzy Hash: 4C020C71E002199BDF14CFA9C980BADBBF1EF48324F25816ED919E7384D731AE418B94
                                                                          APIs
                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00B16918
                                                                          • FindClose.KERNEL32(00000000), ref: 00B16961
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 2295610775-0
                                                                          • Opcode ID: 6d68a6c8d03c2ec97a15aeeaa2b0b54ef3b482a80791057d90b6fd75db832077
                                                                          • Instruction ID: f2c2579ec45dfaff0bc35ec3f531afc25947cb3f1970c0b0e302182c418a5723
                                                                          • Opcode Fuzzy Hash: 6d68a6c8d03c2ec97a15aeeaa2b0b54ef3b482a80791057d90b6fd75db832077
                                                                          • Instruction Fuzzy Hash: 841193316042119FD710DF69D884A1ABBE5FF89328F54C699E4698F2A2CB30EC45CB91
                                                                          APIs
                                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B24891,?,?,00000035,?), ref: 00B137E4
                                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B24891,?,?,00000035,?), ref: 00B137F4
                                                                          Similarity
                                                                          • API ID: ErrorFormatLastMessage
                                                                          • String ID:
                                                                          • API String ID: 3479602957-0
                                                                          • Opcode ID: 1afc5ba809fdc3885cac9b186a7a272b236f43114ebf8954f184c87d7563e351
                                                                          • Instruction ID: d689ae150393fbea821ae4ac040ab034115c86138ecdf7a565bb2a31b84be960
                                                                          • Opcode Fuzzy Hash: 1afc5ba809fdc3885cac9b186a7a272b236f43114ebf8954f184c87d7563e351
                                                                          • Instruction Fuzzy Hash: 04F0A0B16042282AE72027A68D49FEB3AAEEF85B61F000175B509E32C1DA609D4487B1
                                                                          APIs
                                                                          • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00B0B25D
                                                                          • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00B0B270
                                                                          Similarity
                                                                          • API ID: InputSendkeybd_event
                                                                          • String ID:
                                                                          • API String ID: 3536248340-0
                                                                          • Opcode ID: e896179e57b67fd87225983cc2632e5b28ded55df5ed3c5db04bcc94c1885c29
                                                                          • Instruction ID: fcb10bcb7c60e240f6ab8c3e2d108fe24756976ca04397e1a57447000f59bf53
                                                                          • Opcode Fuzzy Hash: e896179e57b67fd87225983cc2632e5b28ded55df5ed3c5db04bcc94c1885c29
                                                                          • Instruction Fuzzy Hash: 03F0177180428EABDB059FA0C806BAE7FB4FF08309F10804AF965A61A2C77986119F94
                                                                          APIs
                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B011FC), ref: 00B010D4
                                                                          • CloseHandle.KERNEL32(?,?,00B011FC), ref: 00B010E9
                                                                          Similarity
                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                          • String ID:
                                                                          • API String ID: 81990902-0
                                                                          • Opcode ID: 1e9dbb9be02463ba70ea966a6ef1d492635998db60156884946221df3cdcd223
                                                                          • Instruction ID: 3b90e3b907561630e951299e25bda765a834127c15f53cc79ab7a473dc7b46e1
                                                                          • Opcode Fuzzy Hash: 1e9dbb9be02463ba70ea966a6ef1d492635998db60156884946221df3cdcd223
                                                                          • Instruction Fuzzy Hash: 42E0BF72014610AEE7252B55FD05EB77BEDEB04310B24882DF5A6914B1DB62ACA0DB54
                                                                          Strings
                                                                          • Variable is not of type 'Object'., xrefs: 00AF0C40
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Variable is not of type 'Object'.
                                                                          • API String ID: 0-1840281001
                                                                          • Opcode ID: 8a29ad9db9e316105e48576bc663be4801b430f73a5c50b8b4439a1a2fa300c5
                                                                          • Instruction ID: f38e47a72dbde2f2bf285030c87c474d4a73c0b1765a355ae8785c4dc8e50769
                                                                          • Opcode Fuzzy Hash: 8a29ad9db9e316105e48576bc663be4801b430f73a5c50b8b4439a1a2fa300c5
                                                                          • Instruction Fuzzy Hash: EE327A70900218DFEF14DF94C985EFDB7B5BF06324F148069E906AB292DB75AE46CB60
                                                                          APIs
                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00AD6766,?,?,00000008,?,?,00ADFEFE,00000000), ref: 00AD6998
                                                                          Similarity
                                                                          • API ID: ExceptionRaise
                                                                          • String ID:
                                                                          • API String ID: 3997070919-0
                                                                          • Opcode ID: b0bd1e54d2e403f2a6a8669942e1ac91b47d9fa12aead09639baf1b389947677
                                                                          • Instruction ID: 0aed528b5213d842346f212ceba7c245a8b4df843c77308b55a39fa384f21c82
                                                                          • Opcode Fuzzy Hash: b0bd1e54d2e403f2a6a8669942e1ac91b47d9fa12aead09639baf1b389947677
                                                                          • Instruction Fuzzy Hash: 17B129316106099FD715CF28C48AB697BB0FF45364F29865AE8DACF3A2C735E991CB40
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID: 0-3916222277
                                                                          • Opcode ID: c3bf79ff41f3b4ca8ef7ec5f09283dfc4a10a0523a3a396755799034ac8a855f
                                                                          • Instruction ID: d8e2d599b95d74817103b0048616e3944647852b8aadf08cbf42194dd773e1a4
                                                                          • Opcode Fuzzy Hash: c3bf79ff41f3b4ca8ef7ec5f09283dfc4a10a0523a3a396755799034ac8a855f
                                                                          • Instruction Fuzzy Hash: 561251759102299FCB14CF98C8806FEB7F5FF48710F14819AE949EB256DB749E81CBA0
                                                                          APIs
                                                                          • BlockInput.USER32(00000001), ref: 00B1EABD
                                                                          Similarity
                                                                          • API ID: BlockInput
                                                                          • String ID:
                                                                          • API String ID: 3456056419-0
                                                                          • Opcode ID: 2ae5324069f7a68d6bfc54776e0a58100bd9d05cec60c12a809bf2c7d570e214
                                                                          • Instruction ID: c9f304aecbc53b01249350fb6f01c32488d1837486d07ea01fbe0cd6926616d9
                                                                          • Opcode Fuzzy Hash: 2ae5324069f7a68d6bfc54776e0a58100bd9d05cec60c12a809bf2c7d570e214
                                                                          • Instruction Fuzzy Hash: 0EE04F322102049FD710EF69D945E9AFBE9EF99770F008456FC4AD7391DB70E8808BA1
                                                                          APIs
                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00AC03EE), ref: 00AC09DA
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled
                                                                          • String ID:
                                                                          • API String ID: 3192549508-0
                                                                          • Opcode ID: 7f47eed4f86214b17010b2722a270a8484b0cf114c6054f91d77442311777efd
                                                                          • Instruction ID: 2467ba74e956f7be3c5dcd0eecef91dac22e5fe32f01aebf6ebefd277a7adab4
                                                                          • Opcode Fuzzy Hash: 7f47eed4f86214b17010b2722a270a8484b0cf114c6054f91d77442311777efd
                                                                          • Instruction Fuzzy Hash:
                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.2067569459.000000000179D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_179d000_rTTSWIFTCOPIES.jbxd
                                                                          • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                          • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                          APIs
                                                                          • DeleteObject.GDI32(00000000), ref: 00B22B30
                                                                          • DeleteObject.GDI32(00000000), ref: 00B22B43
                                                                          • DestroyWindow.USER32 ref: 00B22B52
                                                                          • GetDesktopWindow.USER32 ref: 00B22B6D
                                                                          • GetWindowRect.USER32(00000000), ref: 00B22B74
                                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B22CA3
                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B22CB1
                                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22CF8
                                                                          • GetClientRect.USER32(00000000,?), ref: 00B22D04
                                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B22D40
                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22D62
                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22D75
                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22D80
                                                                          • GlobalLock.KERNEL32(00000000), ref: 00B22D89
                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22D98
                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00B22DA1
                                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22DA8
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00B22DB3
                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22DC5
                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B3FC38,00000000), ref: 00B22DDB
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00B22DEB
                                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B22E11
                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B22E30
                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B22E52
                                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B2303F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                                          • API String ID: 2211948467-2373415609
                                                                          • Opcode ID: 7d9d11aa1b4b6dac6341fa3162d52ce41b77b4e758b53b31924574a6d04eb653
                                                                          • Instruction ID: 0ae80172484f0ad3ed209ef34e0fb624a59c13c2f068804a543efac464793644
                                                                          • Opcode Fuzzy Hash: 7d9d11aa1b4b6dac6341fa3162d52ce41b77b4e758b53b31924574a6d04eb653
                                                                          • Instruction Fuzzy Hash: 9D028B71900215EFDB14DFA8DD89EAE7BB9EF49310F148558F919AB2A1CB34ED00CB60
                                                                          APIs
                                                                          • SetTextColor.GDI32(?,00000000), ref: 00B3712F
                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00B37160
                                                                          • GetSysColor.USER32(0000000F), ref: 00B3716C
                                                                          • SetBkColor.GDI32(?,000000FF), ref: 00B37186
                                                                          • SelectObject.GDI32(?,?), ref: 00B37195
                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00B371C0
                                                                          • GetSysColor.USER32(00000010), ref: 00B371C8
                                                                          • CreateSolidBrush.GDI32(00000000), ref: 00B371CF
                                                                          • FrameRect.USER32(?,?,00000000), ref: 00B371DE
                                                                          • DeleteObject.GDI32(00000000), ref: 00B371E5
                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 00B37230
                                                                          • FillRect.USER32(?,?,?), ref: 00B37262
                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00B37284
                                                                            • Part of subcall function 00B373E8: GetSysColor.USER32(00000012), ref: 00B37421
                                                                            • Part of subcall function 00B373E8: SetTextColor.GDI32(?,?), ref: 00B37425
                                                                            • Part of subcall function 00B373E8: GetSysColorBrush.USER32(0000000F), ref: 00B3743B
                                                                            • Part of subcall function 00B373E8: GetSysColor.USER32(0000000F), ref: 00B37446
                                                                            • Part of subcall function 00B373E8: GetSysColor.USER32(00000011), ref: 00B37463
                                                                            • Part of subcall function 00B373E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B37471
                                                                            • Part of subcall function 00B373E8: SelectObject.GDI32(?,00000000), ref: 00B37482
                                                                            • Part of subcall function 00B373E8: SetBkColor.GDI32(?,00000000), ref: 00B3748B
                                                                            • Part of subcall function 00B373E8: SelectObject.GDI32(?,?), ref: 00B37498
                                                                            • Part of subcall function 00B373E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00B374B7
                                                                            • Part of subcall function 00B373E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B374CE
                                                                            • Part of subcall function 00B373E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00B374DB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                          • String ID:
                                                                          • API String ID: 4124339563-0
                                                                          • Opcode ID: a42625725a51e339761d945a72ac49d0141b48d7f773da2f7e38dc9251ab229a
                                                                          • Instruction ID: 923482a1147b561f03bb75052d2fc595c9dcf2202cdb4f22c2aecb084f486acc
                                                                          • Opcode Fuzzy Hash: a42625725a51e339761d945a72ac49d0141b48d7f773da2f7e38dc9251ab229a
                                                                          • Instruction Fuzzy Hash: F1A19F72008701AFDB109FA4DC49E6FBBE9FB49321F200A19F962A71E1DB71E944DB51
                                                                          APIs
                                                                          • DestroyWindow.USER32(?,?), ref: 00AB8E14
                                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00AF6AC5
                                                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00AF6AFE
                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00AF6F43
                                                                            • Part of subcall function 00AB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AB8BE8,?,00000000,?,?,?,?,00AB8BBA,00000000,?), ref: 00AB8FC5
                                                                          • SendMessageW.USER32(?,00001053), ref: 00AF6F7F
                                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00AF6F96
                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00AF6FAC
                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00AF6FB7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                          • String ID: 0
                                                                          • API String ID: 2760611726-4108050209
                                                                          • Opcode ID: e7a4176402a4094714cf3aa47c97cdd910ced729ca2fc6d6805b40b92182b678
                                                                          • Instruction ID: 3db7a3611a2818cc1b0039826f74919013555ab0231e98a53c9140aab5e879e9
                                                                          • Opcode Fuzzy Hash: e7a4176402a4094714cf3aa47c97cdd910ced729ca2fc6d6805b40b92182b678
                                                                          • Instruction Fuzzy Hash: 40129E31200205EFD725DF68C944BB9BBF9FB44300F148469F6999B262CB35EC92DB91
                                                                          APIs
                                                                          • DestroyWindow.USER32(00000000), ref: 00B2273E
                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B2286A
                                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B228A9
                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B228B9
                                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B22900
                                                                          • GetClientRect.USER32(00000000,?), ref: 00B2290C
                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B22955
                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B22964
                                                                          • GetStockObject.GDI32(00000011), ref: 00B22974
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00B22978
                                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B22988
                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B22991
                                                                          • DeleteDC.GDI32(00000000), ref: 00B2299A
                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B229C6
                                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 00B229DD
                                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B22A1D
                                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B22A31
                                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 00B22A42
                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B22A77
                                                                          • GetStockObject.GDI32(00000011), ref: 00B22A82
                                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B22A8D
                                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B22A97
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                          • API String ID: 2910397461-517079104
                                                                          • Opcode ID: cde8d1ed20af1e50b3bbbb4b9dbc2a2da497b6437412d6667c166bd855f65495
                                                                          • Instruction ID: 2da448dcdabc46b93cb06d07a6c08f88f151445bb0d052f39d928260d156357e
                                                                          • Opcode Fuzzy Hash: cde8d1ed20af1e50b3bbbb4b9dbc2a2da497b6437412d6667c166bd855f65495
                                                                          • Instruction Fuzzy Hash: 0AB17E71A00215BFEB14DFA8DC86EAE7BB9EB08710F104554F919EB2A1DB70ED40CB64
                                                                          APIs
                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00B14AED
                                                                          • GetDriveTypeW.KERNEL32(?,00B3CB68,?,\\.\,00B3CC08), ref: 00B14BCA
                                                                          • SetErrorMode.KERNEL32(00000000,00B3CB68,?,\\.\,00B3CC08), ref: 00B14D36
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorMode$DriveType
                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                          • API String ID: 2907320926-4222207086
                                                                          • Opcode ID: c9318b9f683b79abb84aded647d7f13eff12888dd489601c41cb99a9298b0b99
                                                                          • Instruction ID: aa5e35480434087a806baf32da070a510cc5be5324fdf25e885a76947ab3c825
                                                                          • Opcode Fuzzy Hash: c9318b9f683b79abb84aded647d7f13eff12888dd489601c41cb99a9298b0b99
                                                                          • Instruction Fuzzy Hash: 8461B030605106EBCB04DF24CAC1DEDB7E0EB46740BA484E5F806AB2A1DB39ED81DB81
                                                                          APIs
                                                                          • GetSysColor.USER32(00000012), ref: 00B37421
                                                                          • SetTextColor.GDI32(?,?), ref: 00B37425
                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00B3743B
                                                                          • GetSysColor.USER32(0000000F), ref: 00B37446
                                                                          • CreateSolidBrush.GDI32(?), ref: 00B3744B
                                                                          • GetSysColor.USER32(00000011), ref: 00B37463
                                                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B37471
                                                                          • SelectObject.GDI32(?,00000000), ref: 00B37482
                                                                          • SetBkColor.GDI32(?,00000000), ref: 00B3748B
                                                                          • SelectObject.GDI32(?,?), ref: 00B37498
                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00B374B7
                                                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B374CE
                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00B374DB
                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B3752A
                                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B37554
                                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00B37572
                                                                          • DrawFocusRect.USER32(?,?), ref: 00B3757D
                                                                          • GetSysColor.USER32(00000011), ref: 00B3758E
                                                                          • SetTextColor.GDI32(?,00000000), ref: 00B37596
                                                                          • DrawTextW.USER32(?,00B370F5,000000FF,?,00000000), ref: 00B375A8
                                                                          • SelectObject.GDI32(?,?), ref: 00B375BF
                                                                          • DeleteObject.GDI32(?), ref: 00B375CA
                                                                          • SelectObject.GDI32(?,?), ref: 00B375D0
                                                                          • DeleteObject.GDI32(?), ref: 00B375D5
                                                                          • SetTextColor.GDI32(?,?), ref: 00B375DB
                                                                          • SetBkColor.GDI32(?,?), ref: 00B375E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                          • String ID:
                                                                          • API String ID: 1996641542-0
                                                                          • Opcode ID: 35d2e0ebab8082f5e396c3e9acd2ac95e9f1b09550daf9712d99cacf91632686
                                                                          • Instruction ID: aa7383f9480a977e2757e91727bb9c47e23097a32de8f9fbfed9978cac7c4882
                                                                          • Opcode Fuzzy Hash: 35d2e0ebab8082f5e396c3e9acd2ac95e9f1b09550daf9712d99cacf91632686
                                                                          • Instruction Fuzzy Hash: 80616A72900218AFDF119FA4DC49EEEBFB9EB08320F214155F915BB2A1DB75A940DB90
                                                                          APIs
                                                                          • GetCursorPos.USER32(?), ref: 00B31128
                                                                          • GetDesktopWindow.USER32 ref: 00B3113D
                                                                          • GetWindowRect.USER32(00000000), ref: 00B31144
                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00B31199
                                                                          • DestroyWindow.USER32(?), ref: 00B311B9
                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B311ED
                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B3120B
                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B3121D
                                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 00B31232
                                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B31245
                                                                          • IsWindowVisible.USER32(00000000), ref: 00B312A1
                                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B312BC
                                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B312D0
                                                                          • GetWindowRect.USER32(00000000,?), ref: 00B312E8
                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 00B3130E
                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00B31328
                                                                          • CopyRect.USER32(?,?), ref: 00B3133F
                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 00B313AA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                          • String ID: ($0$tooltips_class32
                                                                          • API String ID: 698492251-4156429822
                                                                          • Opcode ID: 0ebf12fafd7e2e639366b1959a5e5b2137d13b965ebd020526d899df6447211a
                                                                          • Instruction ID: f1491cb685e7be85f2bef20a734a28651aa3c35138805a40feca7f3089243570
                                                                          • Opcode Fuzzy Hash: 0ebf12fafd7e2e639366b1959a5e5b2137d13b965ebd020526d899df6447211a
                                                                          • Instruction Fuzzy Hash: EBB17C71604341AFD704DF68C985B6FBBE8FF85350F108958F999AB2A1CB31E844CBA1
                                                                          APIs
                                                                          • CharUpperBuffW.USER32(?,?), ref: 00B302E5
                                                                          • _wcslen.LIBCMT ref: 00B3031F
                                                                          • _wcslen.LIBCMT ref: 00B30389
                                                                          • _wcslen.LIBCMT ref: 00B303F1
                                                                          • _wcslen.LIBCMT ref: 00B30475
                                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B304C5
                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B30504
                                                                            • Part of subcall function 00ABF9F2: _wcslen.LIBCMT ref: 00ABF9FD
                                                                            • Part of subcall function 00B0223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B02258
                                                                            • Part of subcall function 00B0223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B0228A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                          • API String ID: 1103490817-719923060
                                                                          • Opcode ID: b3c4995ba6b6d22b5ed693ec34f8b3f0a2ed47d456dcd311ca4a4410508ccff9
                                                                          • Instruction ID: 40b451e876e3b6ee317c33f50f5d7247cca0913c06761995e67cbef4a579ce1a
                                                                          • Opcode Fuzzy Hash: b3c4995ba6b6d22b5ed693ec34f8b3f0a2ed47d456dcd311ca4a4410508ccff9
                                                                          • Instruction Fuzzy Hash: 92E1A0312282018FC714EF24C9A196EB7E6FF98714F24499CF8969B3A6DB30ED45CB51
                                                                          APIs
                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AB8968
                                                                          • GetSystemMetrics.USER32(00000007), ref: 00AB8970
                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AB899B
                                                                          • GetSystemMetrics.USER32(00000008), ref: 00AB89A3
                                                                          • GetSystemMetrics.USER32(00000004), ref: 00AB89C8
                                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00AB89E5
                                                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00AB89F5
                                                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00AB8A28
                                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00AB8A3C
                                                                          • GetClientRect.USER32(00000000,000000FF), ref: 00AB8A5A
                                                                          • GetStockObject.GDI32(00000011), ref: 00AB8A76
                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AB8A81
                                                                            • Part of subcall function 00AB912D: GetCursorPos.USER32(?), ref: 00AB9141
                                                                            • Part of subcall function 00AB912D: ScreenToClient.USER32(00000000,?), ref: 00AB915E
                                                                            • Part of subcall function 00AB912D: GetAsyncKeyState.USER32(00000001), ref: 00AB9183
                                                                            • Part of subcall function 00AB912D: GetAsyncKeyState.USER32(00000002), ref: 00AB919D
                                                                          • SetTimer.USER32(00000000,00000000,00000028,00AB90FC), ref: 00AB8AA8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                          • String ID: AutoIt v3 GUI
                                                                          • API String ID: 1458621304-248962490
                                                                          • Opcode ID: 73cd68d4cc20fedbcdd3051b590a793424f2f5e12337a0b8096157950b2776e8
                                                                          • Instruction ID: 7c2d173481e8de47f4fc9db8ef6e4b8cf86487ee16beed05953a8721c30ee8ab
                                                                          • Opcode Fuzzy Hash: 73cd68d4cc20fedbcdd3051b590a793424f2f5e12337a0b8096157950b2776e8
                                                                          • Instruction Fuzzy Hash: D3B16B71A00209AFDF14DFACCD46BEE7BB9FB48314F114229FA15A7291DB34A841CB61
                                                                          APIs
                                                                            • Part of subcall function 00B010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B01114
                                                                            • Part of subcall function 00B010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B01120
                                                                            • Part of subcall function 00B010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B0112F
                                                                            • Part of subcall function 00B010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B01136
                                                                            • Part of subcall function 00B010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B0114D
                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B00DF5
                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B00E29
                                                                          • GetLengthSid.ADVAPI32(?), ref: 00B00E40
                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00B00E7A
                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B00E96
                                                                          • GetLengthSid.ADVAPI32(?), ref: 00B00EAD
                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B00EB5
                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00B00EBC
                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B00EDD
                                                                          • CopySid.ADVAPI32(00000000), ref: 00B00EE4
                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B00F13
                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B00F35
                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B00F47
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B00F6E
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B00F75
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B00F7E
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B00F85
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B00F8E
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B00F95
                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00B00FA1
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B00FA8
                                                                            • Part of subcall function 00B01193: GetProcessHeap.KERNEL32(00000008,00B00BB1,?,00000000,?,00B00BB1,?), ref: 00B011A1
                                                                            • Part of subcall function 00B01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B00BB1,?), ref: 00B011A8
                                                                            • Part of subcall function 00B01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B00BB1,?), ref: 00B011B7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                          • String ID:
                                                                          • API String ID: 4175595110-0
                                                                          • Opcode ID: 5eac7e96c5f6f5a758d2c1ee860c5dee6a93a85fc0a079908af8ea7dc2290ff8
                                                                          • Instruction ID: 3b82d2801aca08d53d167a615eec04e00b986dcc13c59de380610a65774f45a2
                                                                          • Opcode Fuzzy Hash: 5eac7e96c5f6f5a758d2c1ee860c5dee6a93a85fc0a079908af8ea7dc2290ff8
                                                                          • Instruction Fuzzy Hash: E6715B7290020AEBDB20AFA4DC48FAEBFB8FF05301F244195FA59B7191DB719905DB60
                                                                          APIs
                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B2C4BD
                                                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,00B3CC08,00000000,?,00000000,?,?), ref: 00B2C544
                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B2C5A4
                                                                          • _wcslen.LIBCMT ref: 00B2C5F4
                                                                          • _wcslen.LIBCMT ref: 00B2C66F
                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B2C6B2
                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B2C7C1
                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B2C84D
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00B2C881
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00B2C88E
                                                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B2C960
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                          • API String ID: 9721498-966354055
                                                                          • Opcode ID: f6bf68647ff260c2fb42b23de8aec892e069a9ed0f57ae11007b660a2ec515a5
                                                                          • Instruction ID: 1a4dbdb51c90855f2069d9a0fd21cc94dfd9595b7bafd2d53065c8e3765e5fb2
                                                                          • Opcode Fuzzy Hash: f6bf68647ff260c2fb42b23de8aec892e069a9ed0f57ae11007b660a2ec515a5
                                                                          • Instruction Fuzzy Hash: C41278356042119FDB14EF14D991E2EBBE5EF89714F14889CF88A9B3A2DB31ED41CB81
                                                                          APIs
                                                                          • CharUpperBuffW.USER32(?,?), ref: 00B309C6
                                                                          • _wcslen.LIBCMT ref: 00B30A01
                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B30A54
                                                                          • _wcslen.LIBCMT ref: 00B30A8A
                                                                          • _wcslen.LIBCMT ref: 00B30B06
                                                                          • _wcslen.LIBCMT ref: 00B30B81
                                                                            • Part of subcall function 00ABF9F2: _wcslen.LIBCMT ref: 00ABF9FD
                                                                            • Part of subcall function 00B02BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B02BFA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                          • API String ID: 1103490817-4258414348
                                                                          • Opcode ID: 517c781cf118395427ac96ab8dffb7335f5ea317bb7e007d751fa46cfa4d73c6
                                                                          • Instruction ID: 223c2041871d91c53dbc0e987ddcfc94b269ecd9ff45a1bf41b3d5ee708cabf2
                                                                          • Opcode Fuzzy Hash: 517c781cf118395427ac96ab8dffb7335f5ea317bb7e007d751fa46cfa4d73c6
                                                                          • Instruction Fuzzy Hash: CFE19E352183019FC714EF24C5A096AB7E1FF99714F2489ACF8969B3A2DB31ED45CB81
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$BuffCharUpper
                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                          • API String ID: 1256254125-909552448
                                                                          • Opcode ID: 79e3de7ea057186b5b56dd668669cb8998a435ba4a065050321b7abd2a631523
                                                                          • Instruction ID: 79e1a1e8ef10d396728ac4626a540eac3ad9546544b83b75be4aa1ed6b820797
                                                                          • Opcode Fuzzy Hash: 79e3de7ea057186b5b56dd668669cb8998a435ba4a065050321b7abd2a631523
                                                                          • Instruction Fuzzy Hash: 4971143360013A8BCB20DE7CED515BE3BD1EF65754B2505A8F86E97288EA35CD4583A0
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00B3835A
                                                                          • _wcslen.LIBCMT ref: 00B3836E
                                                                          • _wcslen.LIBCMT ref: 00B38391
                                                                          • _wcslen.LIBCMT ref: 00B383B4
                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B383F2
                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B35BF2), ref: 00B3844E
                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B38487
                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B384CA
                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B38501
                                                                          • FreeLibrary.KERNEL32(?), ref: 00B3850D
                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B3851D
                                                                          • DestroyIcon.USER32(?,?,?,?,?,00B35BF2), ref: 00B3852C
                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B38549
                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B38555
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                          • String ID: .dll$.exe$.icl
                                                                          • API String ID: 799131459-1154884017
                                                                          • Opcode ID: 09340dcf26eddd2cb59835af932ef2413c64fb7faee89553634e0f066b1bbce1
                                                                          • Instruction ID: dfffb13f4189ad98b1e1a2abc5ae5a877a2663d978d20cfab76abba7aafa3e8b
                                                                          • Opcode Fuzzy Hash: 09340dcf26eddd2cb59835af932ef2413c64fb7faee89553634e0f066b1bbce1
                                                                          • Instruction Fuzzy Hash: FF61B071540315BAEB14DF64CC85BBE7BA8FB18B11F204689F815E61D1DF74A984CBA0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                          • API String ID: 0-1645009161
                                                                          • Opcode ID: d8715930570bf2521d65ca476af3beb9d00154bcf1c433258a828590610b006e
                                                                          • Instruction ID: 8dbea50abb69914d29e20ed40b8853977e1cc17df4de729d1b759e88f74a9a81
                                                                          • Opcode Fuzzy Hash: d8715930570bf2521d65ca476af3beb9d00154bcf1c433258a828590610b006e
                                                                          • Instruction Fuzzy Hash: 5E81E071A04605BBDB20BF61DD42FBF3BA8AF16300F144068F905AB1E2EB74DA51D7A1
                                                                          APIs
                                                                          • LoadIconW.USER32(00000063), ref: 00B05A2E
                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00B05A40
                                                                          • SetWindowTextW.USER32(?,?), ref: 00B05A57
                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00B05A6C
                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00B05A72
                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00B05A82
                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00B05A88
                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00B05AA9
                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00B05AC3
                                                                          • GetWindowRect.USER32(?,?), ref: 00B05ACC
                                                                          • _wcslen.LIBCMT ref: 00B05B33
                                                                          • SetWindowTextW.USER32(?,?), ref: 00B05B6F
                                                                          • GetDesktopWindow.USER32 ref: 00B05B75
                                                                          • GetWindowRect.USER32(00000000), ref: 00B05B7C
                                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00B05BD3
                                                                          • GetClientRect.USER32(?,?), ref: 00B05BE0
                                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 00B05C05
                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00B05C2F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                          • String ID:
                                                                          • API String ID: 895679908-0
                                                                          • Opcode ID: b2d45f339abeae7d27845a061069970e28eef44f9a7b4d3da57a7d986c9b0d40
                                                                          • Instruction ID: 55e0f34dcd3ec3d68e8cb1b7528f755a139f81548483d271a8adf626d2bec9e2
                                                                          • Opcode Fuzzy Hash: b2d45f339abeae7d27845a061069970e28eef44f9a7b4d3da57a7d986c9b0d40
                                                                          • Instruction Fuzzy Hash: 1A712B31A00A09AFDB20DFA8CE85AAFBFF5FB48704F104558E546A39A0DB75A944CF50
                                                                          APIs
                                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00AC00C6
                                                                            • Part of subcall function 00AC00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00B7070C,00000FA0,B686024E,?,?,?,?,00AE23B3,000000FF), ref: 00AC011C
                                                                            • Part of subcall function 00AC00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00AE23B3,000000FF), ref: 00AC0127
                                                                            • Part of subcall function 00AC00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00AE23B3,000000FF), ref: 00AC0138
                                                                            • Part of subcall function 00AC00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00AC014E
                                                                            • Part of subcall function 00AC00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00AC015C
                                                                            • Part of subcall function 00AC00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00AC016A
                                                                            • Part of subcall function 00AC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AC0195
                                                                            • Part of subcall function 00AC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00AC01A0
                                                                          • ___scrt_fastfail.LIBCMT ref: 00AC00E7
                                                                            • Part of subcall function 00AC00A3: __onexit.LIBCMT ref: 00AC00A9
                                                                          Strings
                                                                          • kernel32.dll, xrefs: 00AC0133
                                                                          • InitializeConditionVariable, xrefs: 00AC0148
                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00AC0122
                                                                          • WakeAllConditionVariable, xrefs: 00AC0162
                                                                          • SleepConditionVariableCS, xrefs: 00AC0154
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                          • API String ID: 66158676-1714406822
                                                                          • Opcode ID: 1bbcc0dddaee409825f7902dcbe6d59c1b8750ccc0e2ba66051c94a336f1eddf
                                                                          • Instruction ID: 3880327048e2ebea9f22216e6ad0ffcf3baa7dba3986164c54bb48260e8a4762
                                                                          • Opcode Fuzzy Hash: 1bbcc0dddaee409825f7902dcbe6d59c1b8750ccc0e2ba66051c94a336f1eddf
                                                                          • Instruction Fuzzy Hash: DC21A732A44711EBD7116BA4AD09F7E77E8EB05B51F26063EF815B72A1DFB49C008B90
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                          • API String ID: 176396367-1603158881
                                                                          • Opcode ID: 3304d2ec3669d875fce7249e1a0e438f22c86789875a23589470944de72796ad
                                                                          • Instruction ID: ed097928b575314d7df5907ebfa460d98f3720301f5d6b45491e59897201bcae
                                                                          • Opcode Fuzzy Hash: 3304d2ec3669d875fce7249e1a0e438f22c86789875a23589470944de72796ad
                                                                          • Instruction Fuzzy Hash: DBE1F532A005169BCB24DF64C899BEEBFF8FF54B10F548199E456B72D0DB30AE858790
                                                                          APIs
                                                                          • CharLowerBuffW.USER32(00000000,00000000,00B3CC08), ref: 00B14527
                                                                          • _wcslen.LIBCMT ref: 00B1453B
                                                                          • _wcslen.LIBCMT ref: 00B14599
                                                                          • _wcslen.LIBCMT ref: 00B145F4
                                                                          • _wcslen.LIBCMT ref: 00B1463F
                                                                          • _wcslen.LIBCMT ref: 00B146A7
                                                                            • Part of subcall function 00ABF9F2: _wcslen.LIBCMT ref: 00ABF9FD
                                                                          • GetDriveTypeW.KERNEL32(?,00B66BF0,00000061), ref: 00B14743
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                          • API String ID: 2055661098-1000479233
                                                                          • Opcode ID: 7fdde14c8a9eb356641981b2ccb4df47b67447d2c4a5e150859b724f95434336
                                                                          • Instruction ID: d89c382d928050e8b52ef93eb7a63cc2c8ef6a6611395bba3f80d18af6e703e6
                                                                          • Opcode Fuzzy Hash: 7fdde14c8a9eb356641981b2ccb4df47b67447d2c4a5e150859b724f95434336
                                                                          • Instruction Fuzzy Hash: 31B1F1316083029FC710DF28C991AAEB7E5EFA6764F94499DF496C7291D730DC84CBA2
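The String IDs in the function blocks above (the control-command keywords, the registry hive names, the `#include` / `#requireadmin` / `#notrayicon` directive set, and the drive-type names) are tables compiled into the AutoIt3 interpreter itself, which is what backs the report's "likely a compiled AutoIt script file" verdict. The following triage helper is an added example written for this page, not Joe Sandbox or AutoIt code: it scans a file for those keyword tables (as UTF-16LE, since the report shows them used with `_wcslen`, and as ASCII as a fallback) and only calls the sample "likely AutoIt" when the directive table is present and at least two of the other tables corroborate it. The thresholds, the filler bytes in the constructed sample, and the omission of the one- and three-character entries (`"`, `'`, `#cs`, `#ce`) are assumptions; tune them on your own corpus.

```python
"""Added triage helper: test a file image for the AutoIt3 interpreter keyword
tables listed in the report. Example code for this page, not Joe Sandbox or
AutoIt code. Thresholds are assumptions, not published indicators."""
import re
import sys
from typing import Dict, Iterable, List

# Keyword tables copied from the report's String IDs (Joe Sandbox joins entries with '$').
# The one- and three-character entries from the directive table are left out on purpose.
KEYWORD_SETS: Dict[str, tuple] = {
    "directives": (
        "#OnAutoItStartRegister", "#comments-start", "#comments-end", "#include-once",
        "#include", "#notrayicon", "#pragma compile", "#requireadmin",
        "Bad directive syntax error", "Cannot parse #include",
        "Unterminated group of comments",
    ),
    "registry_hives": (
        "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER",
        "HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKCC", "HKCR", "HKCU", "HKLM", "HKU",
    ),
    "drive_types": ("all", "cdrom", "fixed", "network", "ramdisk", "removable", "unknown"),
    "control_commands": (
        "CHECK", "COLLAPSE", "EXISTS", "EXPAND", "GETITEMCOUNT", "GETSELECTED",
        "GETTEXT", "GETTOTALCOUNT", "ISCHECKED", "SELECT", "UNCHECK",
    ),
}


def find_keywords(data: bytes, words: Iterable[str]) -> Dict[str, List[int]]:
    """Return {word: [byte offsets]} for each word present as UTF-16LE or ASCII."""
    hits: Dict[str, List[int]] = {}
    for word in words:
        offsets: List[int] = []
        for enc in ("utf-16-le", "ascii"):
            pattern = re.escape(word.encode(enc))
            offsets.extend(m.start() for m in re.finditer(pattern, data))
        if offsets:
            hits[word] = sorted(offsets)
    return hits


def triage(data: bytes, min_directives: int = 4, min_sets: int = 2) -> dict:
    """Per-table coverage plus a verdict: directives present AND enough other tables agree.
    Short tokens such as 'all' or 'HKCU' occur in many benign binaries, so they only
    count as corroboration, never as the trigger on their own (assumed thresholds)."""
    summary: dict = {}
    for name, words in KEYWORD_SETS.items():
        found = find_keywords(data, words)
        summary[name] = {"found": sorted(found), "coverage": len(found) / len(words)}
    directive_hits = len(summary["directives"]["found"])
    corroborating = sum(
        1 for name in KEYWORD_SETS
        if name != "directives" and summary[name]["coverage"] >= 0.5
    )
    summary["likely_autoit"] = directive_hits >= min_directives and corroborating >= min_sets
    return summary


def build_sample(sets: Iterable[str]) -> bytes:
    """Constructed stand-in for a file image (not a real PE): the named keyword
    tables as NUL-terminated UTF-16LE strings separated by filler bytes."""
    blob = bytearray(b"MZ" + b"\x90" * 62)  # fake DOS stub filler, assumed layout
    for name in sets:
        for word in KEYWORD_SETS[name]:
            blob += word.encode("utf-16-le") + b"\x00\x00" + b"\xcc" * 5
    return bytes(blob)


if __name__ == "__main__":
    # Usage: python autoit_triage.py <file>; with no argument, runs on the constructed sample.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(KEYWORD_SETS)
    result = triage(image)
    for table in KEYWORD_SETS:
        print(f"{table:17s} coverage={result[table]['coverage']:.2f} found={result[table]['found']}")
    print("likely_autoit =", result["likely_autoit"])
```

Run it against the sample hash's file to reproduce the "compiled AutoIt" judgement independently of the sandbox; the offsets returned by `find_keywords` are also the places to start when carving the embedded script resource out of the binary.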
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00B2B198
                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B2B1B0
                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B2B1D4
                                                                          • _wcslen.LIBCMT ref: 00B2B200
                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B2B214
                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B2B236
                                                                          • _wcslen.LIBCMT ref: 00B2B332
                                                                            • Part of subcall function 00B105A7: GetStdHandle.KERNEL32(000000F6), ref: 00B105C6
                                                                          • _wcslen.LIBCMT ref: 00B2B34B
                                                                          • _wcslen.LIBCMT ref: 00B2B366
                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B2B3B6
                                                                          • GetLastError.KERNEL32(00000000), ref: 00B2B407
                                                                          • CloseHandle.KERNEL32(?), ref: 00B2B439
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B2B44A
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B2B45C
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B2B46E
                                                                          • CloseHandle.KERNEL32(?), ref: 00B2B4E3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                          • String ID:
                                                                          • API String ID: 2178637699-0
                                                                          • Opcode ID: 42d510a8e4d3024d37aa38b739d91cf216811bf879f799743befe7c4b5882535
                                                                          • Instruction ID: 7bb0d90baac72f899d86f1c56d07e021cd3dc3e932dbd2bc492e1bceb44c5645
                                                                          • Opcode Fuzzy Hash: 42d510a8e4d3024d37aa38b739d91cf216811bf879f799743befe7c4b5882535
                                                                          • Instruction Fuzzy Hash: 46F169315043109FCB15EF24D991B6EBBE5EF85314F18899DF8999B2A2DB31EC40CB52
                                                                          APIs
                                                                          • GetMenuItemCount.USER32(00B71990), ref: 00AE2F8D
                                                                          • GetMenuItemCount.USER32(00B71990), ref: 00AE303D
                                                                          • GetCursorPos.USER32(?), ref: 00AE3081
                                                                          • SetForegroundWindow.USER32(00000000), ref: 00AE308A
                                                                          • TrackPopupMenuEx.USER32(00B71990,00000000,?,00000000,00000000,00000000), ref: 00AE309D
                                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00AE30A9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                          • String ID: 0
                                                                          • API String ID: 36266755-4108050209
                                                                          • Opcode ID: 6a57a6104af654cc3026503577331ebd57aee3330a0683d4761e8e895b5d0d99
                                                                          • Instruction ID: d874314966aa69529ed1ed9fde3d7ee3c27e2e8a13a025e3f45928f66591bd03
                                                                          • Opcode Fuzzy Hash: 6a57a6104af654cc3026503577331ebd57aee3330a0683d4761e8e895b5d0d99
                                                                          • Instruction Fuzzy Hash: 73710631640255BEEB259F69CC49FAABF78FF05324F204216F5156B1E0CBB1AD64CB90
                                                                          APIs
                                                                          • DestroyWindow.USER32(?,?), ref: 00B36DEB
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B36E5F
                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B36E81
                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B36E94
                                                                          • DestroyWindow.USER32(?), ref: 00B36EB5
                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00AA0000,00000000), ref: 00B36EE4
                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B36EFD
                                                                          • GetDesktopWindow.USER32 ref: 00B36F16
                                                                          • GetWindowRect.USER32(00000000), ref: 00B36F1D
                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B36F35
                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B36F4D
                                                                            • Part of subcall function 00AB9944: GetWindowLongW.USER32(?,000000EB), ref: 00AB9952
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                          • String ID: 0$tooltips_class32
                                                                          • API String ID: 2429346358-3619404913
                                                                          • Opcode ID: e7861b2365d6f6b7966be562d362c2d5b3c1828061f89bf1fe8bfa479ff60593
                                                                          • Instruction ID: 23d329f0bf3936f2e9353836023f19859ba634ebdf3f3ed0c3463d5e82146b74
                                                                          • Opcode Fuzzy Hash: e7861b2365d6f6b7966be562d362c2d5b3c1828061f89bf1fe8bfa479ff60593
                                                                          • Instruction Fuzzy Hash: C1716974144244AFDB21CF18DC44FAABBE9FB89304F24485DFA9997261CB70A94ACB21
                                                                          APIs
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                          • DragQueryPoint.SHELL32(?,?), ref: 00B39147
                                                                            • Part of subcall function 00B37674: ClientToScreen.USER32(?,?), ref: 00B3769A
                                                                            • Part of subcall function 00B37674: GetWindowRect.USER32(?,?), ref: 00B37710
                                                                            • Part of subcall function 00B37674: PtInRect.USER32(?,?,00B38B89), ref: 00B37720
                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00B391B0
                                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B391BB
                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B391DE
                                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B39225
                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00B3923E
                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00B39255
                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00B39277
                                                                          • DragFinish.SHELL32(?), ref: 00B3927E
                                                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B39371
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                          • API String ID: 221274066-3440237614
                                                                          • Opcode ID: 81f72e75f5f3d484438bfe3116d9d4603f6f209606aae2a865cb6454c95880f0
                                                                          • Instruction ID: 3cc201f291b4bc4e08255ece6cac06a3900c96fdf1379a679e24b4e154aae94b
                                                                          • Opcode Fuzzy Hash: 81f72e75f5f3d484438bfe3116d9d4603f6f209606aae2a865cb6454c95880f0
                                                                          • Instruction Fuzzy Hash: 77618B71108301AFD701EFA4CD85DAFBBE8EF89750F10495DF595932A0DB709A49CB62
                                                                          APIs
                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B1C4B0
                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B1C4C3
                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B1C4D7
                                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B1C4F0
                                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00B1C533
                                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B1C549
                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B1C554
                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B1C584
                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B1C5DC
                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B1C5F0
                                                                          • InternetCloseHandle.WININET(00000000), ref: 00B1C5FB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                          • String ID:
                                                                          • API String ID: 3800310941-3916222277
                                                                          • Opcode ID: fa123d51ce03974958a3aaa61aaf0699a3cd684db2dedd6d9dbaa4b5ba9b23a6
                                                                          • Instruction ID: bb39406c25a659e4cb6109f8dd77e7a99d9ef54157da8f8eb21655ff052abddd
                                                                          • Opcode Fuzzy Hash: fa123d51ce03974958a3aaa61aaf0699a3cd684db2dedd6d9dbaa4b5ba9b23a6
                                                                          • Instruction Fuzzy Hash: 775139B1540208BFEB218FA4C989ABB7FFDFB18754F504459F945E7210DB34EA889B60
                                                                          APIs
                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00B38592
                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B385A2
                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B385AD
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B385BA
                                                                          • GlobalLock.KERNEL32(00000000), ref: 00B385C8
                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B385D7
                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00B385E0
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B385E7
                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B385F8
                                                                          • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00B3FC38,?), ref: 00B38611
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00B38621
                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00B38641
                                                                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00B38671
                                                                          • DeleteObject.GDI32(?), ref: 00B38699
                                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B386AF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                          • String ID:
                                                                          • API String ID: 3840717409-0
                                                                          • Opcode ID: c68392a251a38c15dbf543eb89628b8f55c34152a450a644f35f03847f7dd728
                                                                          • Instruction ID: ff2bc5ff9811b92a73743e9ace7b5cd381af7941c91748e0732ce856c9241158
                                                                          • Opcode Fuzzy Hash: c68392a251a38c15dbf543eb89628b8f55c34152a450a644f35f03847f7dd728
                                                                          • Instruction Fuzzy Hash: A241F975600204BFDB119FA9DC89EAF7BB8FF89711F208059F905E7260DB30A901DB61
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(00000000), ref: 00B11502
                                                                          • VariantCopy.OLEAUT32(?,?), ref: 00B1150B
                                                                          • VariantClear.OLEAUT32(?), ref: 00B11517
                                                                          • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00B115FB
                                                                          • VarR8FromDec.OLEAUT32(?,?), ref: 00B11657
                                                                          • VariantInit.OLEAUT32(?), ref: 00B11708
                                                                          • SysFreeString.OLEAUT32(?), ref: 00B1178C
                                                                          • VariantClear.OLEAUT32(?), ref: 00B117D8
                                                                          • VariantClear.OLEAUT32(?), ref: 00B117E7
                                                                          • VariantInit.OLEAUT32(00000000), ref: 00B11823
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                          • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                          • API String ID: 1234038744-3931177956
                                                                          • Opcode ID: 2e8f69f7499b4715b21d3503f703edc3a953b1d599b40b555ff70649f7a63e14
                                                                          • Instruction ID: 8c5ad28c79aa720c9b8e5e8031159b9e8b970bbc4ddd5b05b5e3f2ef64570fc9
                                                                          • Opcode Fuzzy Hash: 2e8f69f7499b4715b21d3503f703edc3a953b1d599b40b555ff70649f7a63e14
                                                                          • Instruction Fuzzy Hash: 48D10071A00115DFDB009F69D884BBDB7F6FF45700FA48996E646AB281DB30DD80DB62
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00B2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2B6AE,?,?), ref: 00B2C9B5
                                                                            • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2C9F1
                                                                            • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2CA68
                                                                            • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2CA9E
                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B2B6F4
                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B2B772
                                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 00B2B80A
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00B2B87E
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00B2B89C
                                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B2B8F2
                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B2B904
                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B2B922
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00B2B983
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00B2B994
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                          • API String ID: 146587525-4033151799
                                                                          • Opcode ID: a1e3dbc281697352c7f7815844950c23b7becec3ff2eb0bbb8dda203b86d42db
                                                                          • Instruction ID: 59cfa3b45b4b9e76861ac4a6208571a83fee23ef164489f19e29ef57220c9e2f
                                                                          • Opcode Fuzzy Hash: a1e3dbc281697352c7f7815844950c23b7becec3ff2eb0bbb8dda203b86d42db
                                                                          • Instruction Fuzzy Hash: 3CC1AD34208211AFD714DF14D495F2ABBE5FF85318F14859CF5AA8B2A2CB35EC45CB92
                                                                          APIs
                                                                          • GetDC.USER32(00000000), ref: 00B225D8
                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B225E8
                                                                          • CreateCompatibleDC.GDI32(?), ref: 00B225F4
                                                                          • SelectObject.GDI32(00000000,?), ref: 00B22601
                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B2266D
                                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B226AC
                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B226D0
                                                                          • SelectObject.GDI32(?,?), ref: 00B226D8
                                                                          • DeleteObject.GDI32(?), ref: 00B226E1
                                                                          • DeleteDC.GDI32(?), ref: 00B226E8
                                                                          • ReleaseDC.USER32(00000000,?), ref: 00B226F3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                          • String ID: (
                                                                          • API String ID: 2598888154-3887548279
                                                                          • Opcode ID: 54739ec717a3f888631b2147518657ae060bd1c98ddc42aec16290168e4ee4fb
                                                                          • Instruction ID: 0468a31f6b0769d3ad4b7af101401ca0e79dae15469677c1a9765be8e8b82cfa
                                                                          • Opcode Fuzzy Hash: 54739ec717a3f888631b2147518657ae060bd1c98ddc42aec16290168e4ee4fb
                                                                          • Instruction Fuzzy Hash: 9E61E076D00219EFCF15CFA4D884AAEBBF6FF48310F208569E959A7250D770A941DFA0
                                                                          APIs
                                                                          • ___free_lconv_mon.LIBCMT ref: 00ADDAA1
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD659
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD66B
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD67D
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD68F
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD6A1
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD6B3
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD6C5
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD6D7
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD6E9
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD6FB
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD70D
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD71F
                                                                            • Part of subcall function 00ADD63C: _free.LIBCMT ref: 00ADD731
                                                                          • _free.LIBCMT ref: 00ADDA96
                                                                            • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000), ref: 00AD29DE
                                                                            • Part of subcall function 00AD29C8: GetLastError.KERNEL32(00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000,00000000), ref: 00AD29F0
                                                                          • _free.LIBCMT ref: 00ADDAB8
                                                                          • _free.LIBCMT ref: 00ADDACD
                                                                          • _free.LIBCMT ref: 00ADDAD8
                                                                          • _free.LIBCMT ref: 00ADDAFA
                                                                          • _free.LIBCMT ref: 00ADDB0D
                                                                          • _free.LIBCMT ref: 00ADDB1B
                                                                          • _free.LIBCMT ref: 00ADDB26
                                                                          • _free.LIBCMT ref: 00ADDB5E
                                                                          • _free.LIBCMT ref: 00ADDB65
                                                                          • _free.LIBCMT ref: 00ADDB82
                                                                          • _free.LIBCMT ref: 00ADDB9A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                          • String ID:
                                                                          • API String ID: 161543041-0
                                                                          • Opcode ID: 7d28868e338698166caf376ad6b48eaa2fa987d1074762d58f3180a8002ef85c
                                                                          • Instruction ID: 4f7ea926a543a2a22f8b4991ce06f929a89b876ca3ef31f9d3908f1a7f405a2e
                                                                          • Opcode Fuzzy Hash: 7d28868e338698166caf376ad6b48eaa2fa987d1074762d58f3180a8002ef85c
                                                                          • Instruction Fuzzy Hash: 3A315A326046049FEB21AB38E945B6A7BE8FF50354F15841BE45ADB3A1DA30AC40DB20
                                                                          APIs
                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00B0369C
                                                                          • _wcslen.LIBCMT ref: 00B036A7
                                                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00B03797
                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00B0380C
                                                                          • GetDlgCtrlID.USER32(?), ref: 00B0385D
                                                                          • GetWindowRect.USER32(?,?), ref: 00B03882
                                                                          • GetParent.USER32(?), ref: 00B038A0
                                                                          • ScreenToClient.USER32(00000000), ref: 00B038A7
                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00B03921
                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00B0395D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                          • String ID: %s%u
                                                                          • API String ID: 4010501982-679674701
                                                                          • Opcode ID: bb13e75ea2ecd9de6f3aa2dd08180aecc06a38c2e661d21e8bb538420651b2de
                                                                          • Instruction ID: d87411b69691b57a733e6b8f332d6a792b65c927e41bb804f83287298f2b101b
                                                                          • Opcode Fuzzy Hash: bb13e75ea2ecd9de6f3aa2dd08180aecc06a38c2e661d21e8bb538420651b2de
                                                                          • Instruction Fuzzy Hash: 4E91AC71204706AFD718DF64C889FAABBECFF44750F108669F99A92190DB30EA45CB91
                                                                          APIs
                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00B04994
                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00B049DA
                                                                          • _wcslen.LIBCMT ref: 00B049EB
                                                                          • CharUpperBuffW.USER32(?,00000000), ref: 00B049F7
                                                                          • _wcsstr.LIBVCRUNTIME ref: 00B04A2C
                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00B04A64
                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00B04A9D
                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00B04AE6
                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00B04B20
                                                                          • GetWindowRect.USER32(?,?), ref: 00B04B8B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                          • String ID: ThumbnailClass
                                                                          • API String ID: 1311036022-1241985126
                                                                          • Opcode ID: 3cf442bf880fa8f2a27a266d47d91161cf3eb6176b01841d20cedd43aae2c0e4
                                                                          • Instruction ID: 13bc76ba7465fb4f9f6cb2eed9a592567795b8f3cd96ee23bb977ab9810058b4
                                                                          • Opcode Fuzzy Hash: 3cf442bf880fa8f2a27a266d47d91161cf3eb6176b01841d20cedd43aae2c0e4
                                                                          • Instruction Fuzzy Hash: E7919AB21082059FDB14DF14C985BAA7BE8FF84314F0484A9FE859A1D6EB30ED45CBA1
                                                                          APIs
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B38D5A
                                                                          • GetFocus.USER32 ref: 00B38D6A
                                                                          • GetDlgCtrlID.USER32(00000000), ref: 00B38D75
                                                                          • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00B38E1D
                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B38ECF
                                                                          • GetMenuItemCount.USER32(?), ref: 00B38EEC
                                                                          • GetMenuItemID.USER32(?,00000000), ref: 00B38EFC
                                                                          • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B38F2E
                                                                          • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B38F70
                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B38FA1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                          • String ID: 0
                                                                          • API String ID: 1026556194-4108050209
                                                                          • Opcode ID: 0484e75ab213c25843f141d937d6352659801d35cd6b8d80d33da9faa79ab523
                                                                          • Instruction ID: eb332ce1efe2d041a585da8d0ffa6cc87be4f909898e1caf531ba39e88c816d5
                                                                          • Opcode Fuzzy Hash: 0484e75ab213c25843f141d937d6352659801d35cd6b8d80d33da9faa79ab523
                                                                          • Instruction Fuzzy Hash: B281B1715043119FDB10DF24D885AAB7BE9FF88314F24099DF99997291DF30D905CBA2
                                                                          APIs
                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00B0DC20
                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00B0DC46
                                                                          • _wcslen.LIBCMT ref: 00B0DC50
                                                                          • _wcsstr.LIBVCRUNTIME ref: 00B0DCA0
                                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00B0DCBC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                          • API String ID: 1939486746-1459072770
                                                                          • Opcode ID: 82b987b5d3fbab9240d558d2e738e59f70a1075c36792be4d9f82ab5e97e819a
                                                                          • Instruction ID: 901ebf4162676aef8f2f443ad2bfb7f31f8f463b339a937e820101e649da0c63
                                                                          • Opcode Fuzzy Hash: 82b987b5d3fbab9240d558d2e738e59f70a1075c36792be4d9f82ab5e97e819a
                                                                          • Instruction Fuzzy Hash: B441F2329402047AEB14A7B49D47FFF7BACEF45750F2401AAF900A71D2EB74DA0197A4
                                                                          APIs
                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B2CC64
                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B2CC8D
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B2CD48
                                                                            • Part of subcall function 00B2CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B2CCAA
                                                                            • Part of subcall function 00B2CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B2CCBD
                                                                            • Part of subcall function 00B2CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B2CCCF
                                                                            • Part of subcall function 00B2CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B2CD05
                                                                            • Part of subcall function 00B2CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B2CD28
                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B2CCF3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                          • API String ID: 2734957052-4033151799
                                                                          • Opcode ID: dbdb6772e94360bca0512b998d7fe2a87159f2a24b02cc5bc1937023009a40d5
                                                                          • Instruction ID: 7838cb6903a5f924481f965fa6745113aac2bde0cab1f578c7bcdeff596d1f3a
                                                                          • Opcode Fuzzy Hash: dbdb6772e94360bca0512b998d7fe2a87159f2a24b02cc5bc1937023009a40d5
                                                                          • Instruction Fuzzy Hash: F5316075901129BBD7208BA5EC88EFFBFBCEF45750F1001A5A909E3150DB749E459BE0
                                                                          APIs
                                                                          • timeGetTime.WINMM ref: 00B0E6B4
                                                                            • Part of subcall function 00ABE551: timeGetTime.WINMM(?,?,00B0E6D4), ref: 00ABE555
                                                                          • Sleep.KERNEL32(0000000A), ref: 00B0E6E1
                                                                          • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00B0E705
                                                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00B0E727
                                                                          • SetActiveWindow.USER32 ref: 00B0E746
                                                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00B0E754
                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00B0E773
                                                                          • Sleep.KERNEL32(000000FA), ref: 00B0E77E
                                                                          • IsWindow.USER32 ref: 00B0E78A
                                                                          • EndDialog.USER32(00000000), ref: 00B0E79B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                          • String ID: BUTTON
                                                                          • API String ID: 1194449130-3405671355
                                                                          • Opcode ID: 24b03a8f9b61b2a2876aa5b0f947e0779a1aaac1eb35363b9d15875d4bce698c
                                                                          • Instruction ID: 134fef3bd5e57064a0d82d657ebb500ffa495942e30be31bd69149f261ee88fe
                                                                          • Opcode Fuzzy Hash: 24b03a8f9b61b2a2876aa5b0f947e0779a1aaac1eb35363b9d15875d4bce698c
                                                                          • Instruction Fuzzy Hash: 63215471200205AFEB116F64EC8AA293FA9F755749F241865F52AA31F1DF71DC409B24
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00B0EA5D
                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00B0EA73
                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B0EA84
                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00B0EA96
                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00B0EAA7
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: SendString$_wcslen
                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                          • API String ID: 2420728520-1007645807
                                                                          • Opcode ID: 7122108443f9f6c199f71323e5dbea2d301efdf5dfb55cc6216644563e9bae7c
                                                                          • Instruction ID: 34f1d5f25e7704b4683ed99ae1c28e211296c9194f21ca2ebad29ca7d2c17a18
                                                                          • Opcode Fuzzy Hash: 7122108443f9f6c199f71323e5dbea2d301efdf5dfb55cc6216644563e9bae7c
                                                                          • Instruction Fuzzy Hash: A5115131A5021979D720A7A2DD4ADFF6BBCEBDAB40F0408A97811A70E1EFB04905C9B0
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,00000001), ref: 00B05CE2
                                                                          • GetWindowRect.USER32(00000000,?), ref: 00B05CFB
                                                                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00B05D59
                                                                          • GetDlgItem.USER32(?,00000002), ref: 00B05D69
                                                                          • GetWindowRect.USER32(00000000,?), ref: 00B05D7B
                                                                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00B05DCF
                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00B05DDD
                                                                          • GetWindowRect.USER32(00000000,?), ref: 00B05DEF
                                                                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00B05E31
                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00B05E44
                                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00B05E5A
                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00B05E67
                                                                          Similarity
                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                          • String ID:
                                                                          • API String ID: 3096461208-0
                                                                          • Opcode ID: f56bda51698071005f64a4fa68896e40125b23875b01baa4f502be37e89438cd
                                                                          • Instruction ID: 92039f89740c11e052a3b3ce1699a35e1c87b415176f78b33361cae9e3203138
                                                                          • Opcode Fuzzy Hash: f56bda51698071005f64a4fa68896e40125b23875b01baa4f502be37e89438cd
                                                                          • Instruction Fuzzy Hash: 3151F0B1A00615AFDB18CFA8DD89AAE7BF5FB48300F248269F915E7690DB709D04CF50
                                                                          APIs
                                                                            • Part of subcall function 00AB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AB8BE8,?,00000000,?,?,?,?,00AB8BBA,00000000,?), ref: 00AB8FC5
                                                                          • DestroyWindow.USER32(?), ref: 00AB8C81
                                                                          • KillTimer.USER32(00000000,?,?,?,?,00AB8BBA,00000000,?), ref: 00AB8D1B
                                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 00AF6973
                                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00AB8BBA,00000000,?), ref: 00AF69A1
                                                                          • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00AB8BBA,00000000,?), ref: 00AF69B8
                                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00AB8BBA,00000000), ref: 00AF69D4
                                                                          • DeleteObject.GDI32(00000000), ref: 00AF69E6
                                                                          Similarity
                                                                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                          • String ID:
                                                                          • API String ID: 641708696-0
                                                                          • Opcode ID: 7fa776ae05e6f1e4e1ebf9f32d40ea767aeab8020c459e3e5de953c065c3f5eb
                                                                          • Instruction ID: 9e5184c6bca5d058a503c63ec44e305c1e782e2a9f043552aa26e96b7fb6f30e
                                                                          • Opcode Fuzzy Hash: 7fa776ae05e6f1e4e1ebf9f32d40ea767aeab8020c459e3e5de953c065c3f5eb
                                                                          • Instruction Fuzzy Hash: F361BB71102604DFCB259F6CCA48BB97BF9FB41312F244919E2469B561CB79AC82DFA0
                                                                          APIs
                                                                            • Part of subcall function 00AB9944: GetWindowLongW.USER32(?,000000EB), ref: 00AB9952
                                                                          • GetSysColor.USER32(0000000F), ref: 00AB9862
                                                                          Similarity
                                                                          • API ID: ColorLongWindow
                                                                          • String ID:
                                                                          • API String ID: 259745315-0
                                                                          • Opcode ID: 2156e6dab95dc5c70ba9e2fd449c6e6fa6efb6cdca77c593f57a307b2a55655c
                                                                          • Instruction ID: 0c017c3c925450e6086449b5906cfdd438faef52fff9802296cd533127536131
                                                                          • Opcode Fuzzy Hash: 2156e6dab95dc5c70ba9e2fd449c6e6fa6efb6cdca77c593f57a307b2a55655c
                                                                          • Instruction Fuzzy Hash: 05418131104644AFDB215FB89C85BFE3BB9AB06331F244659FAA6971E2DB319C42DB10
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00AEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00B09717
                                                                          • LoadStringW.USER32(00000000,?,00AEF7F8,00000001), ref: 00B09720
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00AEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00B09742
                                                                          • LoadStringW.USER32(00000000,?,00AEF7F8,00000001), ref: 00B09745
                                                                          • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00B09866
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                          • API String ID: 747408836-2268648507
                                                                          • Opcode ID: da0383bcc48d3938261fcc2e54a8753ab2eb9fe051fa81db129be2194e554d94
                                                                          • Instruction ID: 4139ed5cd460d3262e3aaf604147a6809ac7ab0b75eb8ad9298be75ca1cb2bf9
                                                                          • Opcode Fuzzy Hash: da0383bcc48d3938261fcc2e54a8753ab2eb9fe051fa81db129be2194e554d94
                                                                          • Instruction Fuzzy Hash: C6410872800219AACF05EBE0CE86EEEB7B8AF56340F604065F505771D2EF256F48CB61
                                                                          APIs
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00B007A2
                                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00B007BE
                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00B007DA
                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00B00804
                                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00B0082C
                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B00837
                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B0083C
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                          • API String ID: 323675364-22481851
                                                                          • Opcode ID: fc07668b800dea1318cfd2a8df17bd4426455825623cbaf869be8dcbc283386a
                                                                          • Instruction ID: 0d329d0fdb0e625a4cbc2ea10da6bbc89da128973738a71fad3dbbd6cbe19062
                                                                          • Opcode Fuzzy Hash: fc07668b800dea1318cfd2a8df17bd4426455825623cbaf869be8dcbc283386a
                                                                          • Instruction Fuzzy Hash: 9A41F872C10229ABDF15EFA4DD859EEBBB8FF14350F544169E901B71A1EB345E04CBA0
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 00B23C5C
                                                                          • CoInitialize.OLE32(00000000), ref: 00B23C8A
                                                                          • CoUninitialize.OLE32 ref: 00B23C94
                                                                          • _wcslen.LIBCMT ref: 00B23D2D
                                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 00B23DB1
                                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 00B23ED5
                                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B23F0E
                                                                          • CoGetObject.OLE32(?,00000000,00B3FB98,?), ref: 00B23F2D
                                                                          • SetErrorMode.KERNEL32(00000000), ref: 00B23F40
                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B23FC4
                                                                          • VariantClear.OLEAUT32(?), ref: 00B23FD8
                                                                          Similarity
                                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                          • String ID:
                                                                          • API String ID: 429561992-0
                                                                          • Opcode ID: 79115baba27a021271bb2c53e8ed6a4f73855f70e2fe01951ed07e8cbd0d59d3
                                                                          • Instruction ID: 4241825de17bf51b2cdedf9fb8b71c111bfbcba3ed644f305fbca5924e040448
                                                                          • Opcode Fuzzy Hash: 79115baba27a021271bb2c53e8ed6a4f73855f70e2fe01951ed07e8cbd0d59d3
                                                                          • Instruction Fuzzy Hash: 65C168716083159FC700DF68D98492BBBE9FF89B44F1049ADF98A9B250DB34EE05CB52
                                                                          APIs
                                                                          • CoInitialize.OLE32(00000000), ref: 00B17AF3
                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00B17B8F
                                                                          • SHGetDesktopFolder.SHELL32(?), ref: 00B17BA3
                                                                          • CoCreateInstance.OLE32(00B3FD08,00000000,00000001,00B66E6C,?), ref: 00B17BEF
                                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00B17C74
                                                                          • CoTaskMemFree.OLE32(?,?), ref: 00B17CCC
                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00B17D57
                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00B17D7A
                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00B17D81
                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00B17DD6
                                                                          • CoUninitialize.OLE32 ref: 00B17DDC
                                                                          Similarity
                                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                          • String ID:
                                                                          • API String ID: 2762341140-0
                                                                          • Opcode ID: 7bfae7aac7e4c22c955e61d3d4cf389ac60616660dc2de4d1cc632c5af5c765e
                                                                          • Instruction ID: d5b5dd0354e07b97d52a469ad5ee55c577082fadf399434b1f8e24749558dc1d
                                                                          • Opcode Fuzzy Hash: 7bfae7aac7e4c22c955e61d3d4cf389ac60616660dc2de4d1cc632c5af5c765e
                                                                          • Instruction Fuzzy Hash: 04C11C75A04109AFCB14DFA4D894DAEBBF9FF48314B1484A9E416DB361DB30EE81CB90
                                                                          APIs
                                                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B35504
                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B35515
                                                                          • CharNextW.USER32(00000158), ref: 00B35544
                                                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B35585
                                                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B3559B
                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B355AC
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$CharNext
                                                                          • String ID:
                                                                          • API String ID: 1350042424-0
                                                                          APIs
                                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00AFFAAF
                                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 00AFFB08
                                                                          • VariantInit.OLEAUT32(?), ref: 00AFFB1A
                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 00AFFB3A
                                                                          • VariantCopy.OLEAUT32(?,?), ref: 00AFFB8D
                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 00AFFBA1
                                                                          • VariantClear.OLEAUT32(?), ref: 00AFFBB6
                                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 00AFFBC3
                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00AFFBCC
                                                                          • VariantClear.OLEAUT32(?), ref: 00AFFBDE
                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00AFFBE9
                                                                          Similarity
                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                          • String ID:
                                                                          • API String ID: 2706829360-0
                                                                          APIs
                                                                          • GetKeyboardState.USER32(?), ref: 00B09CA1
                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00B09D22
                                                                          • GetKeyState.USER32(000000A0), ref: 00B09D3D
                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00B09D57
                                                                          • GetKeyState.USER32(000000A1), ref: 00B09D6C
                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00B09D84
                                                                          • GetKeyState.USER32(00000011), ref: 00B09D96
                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00B09DAE
                                                                          • GetKeyState.USER32(00000012), ref: 00B09DC0
                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00B09DD8
                                                                          • GetKeyState.USER32(0000005B), ref: 00B09DEA
                                                                          Similarity
                                                                          • API ID: State$Async$Keyboard
                                                                          • String ID:
                                                                          • API String ID: 541375521-0
                                                                          APIs
                                                                          • WSAStartup.WSOCK32(00000101,?), ref: 00B205BC
                                                                          • inet_addr.WSOCK32(?), ref: 00B2061C
                                                                          • gethostbyname.WSOCK32(?), ref: 00B20628
                                                                          • IcmpCreateFile.IPHLPAPI ref: 00B20636
                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B206C6
                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B206E5
                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 00B207B9
                                                                          • WSACleanup.WSOCK32 ref: 00B207BF
                                                                          Similarity
                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                          • String ID: Ping
                                                                          • API String ID: 1028309954-2246546115
                                                                          Similarity
                                                                          • API ID: _wcslen$BuffCharLower
                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                          • API String ID: 707087890-567219261
                                                                          APIs
                                                                          • CoInitialize.OLE32 ref: 00B23774
                                                                          • CoUninitialize.OLE32 ref: 00B2377F
                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,00B3FB78,?), ref: 00B237D9
                                                                          • IIDFromString.OLE32(?,?), ref: 00B2384C
                                                                          • VariantInit.OLEAUT32(?), ref: 00B238E4
                                                                          • VariantClear.OLEAUT32(?), ref: 00B23936
                                                                          Similarity
                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                          • API String ID: 636576611-1287834457
                                                                          APIs
                                                                          • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00B133CF
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00B133F0
                                                                          Similarity
                                                                          • API ID: LoadString$_wcslen
                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                          • API String ID: 4099089115-3080491070
                                                                          Similarity
                                                                          • API ID: _wcslen$BuffCharUpper
                                                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                          • API String ID: 1256254125-769500911
                                                                          APIs
                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00B153A0
                                                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00B15416
                                                                          • GetLastError.KERNEL32 ref: 00B15420
                                                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 00B154A7
                                                                          Similarity
                                                                          • API ID: Error$Mode$DiskFreeLastSpace
                                                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                          • API String ID: 4194297153-14809454
                                                                          APIs
                                                                          • CreateMenu.USER32 ref: 00B33C79
                                                                          • SetMenu.USER32(?,00000000), ref: 00B33C88
                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B33D10
                                                                          • IsMenu.USER32(?), ref: 00B33D24
                                                                          • CreatePopupMenu.USER32 ref: 00B33D2E
                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B33D5B
                                                                          • DrawMenuBar.USER32 ref: 00B33D63
                                                                          Similarity
                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                          • String ID: 0$F
                                                                          • API String ID: 161812096-3044882817
                                                                          APIs
                                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B33A9D
                                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B33AA0
                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00B33AC7
                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B33AEA
                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B33B62
                                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B33BAC
                                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B33BC7
                                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B33BE2
                                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B33BF6
                                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B33C13
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$LongWindow
                                                                          • String ID:
                                                                          • API String ID: 312131281-0
                                                                          • Opcode ID: 1655ac528b4c1f463bb8d73bc40c5c0a2560b1b4337a20d82b35d892d7d9daf7
                                                                          • Instruction ID: 43550e28db9462a36894656565aa91c1de961f7cbab2e63db251fc4337638358
                                                                          • Opcode Fuzzy Hash: 1655ac528b4c1f463bb8d73bc40c5c0a2560b1b4337a20d82b35d892d7d9daf7
                                                                          • Instruction Fuzzy Hash: 9A616C75900248AFDB10DFA8CC81EEE77F8EB09700F204199FA15A72A1D774AE46DB60
                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 00B0B151
                                                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B165
                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00B0B16C
                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B17B
                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B0B18D
                                                                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B1A6
                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B1B8
                                                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B1FD
                                                                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B212
                                                                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00B0A1E1,?,00000001), ref: 00B0B21D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                          • String ID:
                                                                          • API String ID: 2156557900-0
                                                                          • Opcode ID: bfd8bddcbf874af3358dc645bee2f06710f075fc4120585ad94ca8696072b662
                                                                          • Instruction ID: f828a6efe0b6224f8d315fdc93c481f9b003578d192e98e80f5bc796a1c6e80f
                                                                          • Opcode Fuzzy Hash: bfd8bddcbf874af3358dc645bee2f06710f075fc4120585ad94ca8696072b662
                                                                          • Instruction Fuzzy Hash: 6331BB75500204BFDB109F64DC99F6D7FE9FB61711F204444FA09E72A0DBB49A808F60
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00AD2C94
                                                                            • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000), ref: 00AD29DE
                                                                            • Part of subcall function 00AD29C8: GetLastError.KERNEL32(00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000,00000000), ref: 00AD29F0
                                                                          • _free.LIBCMT ref: 00AD2CA0
                                                                          • _free.LIBCMT ref: 00AD2CAB
                                                                          • _free.LIBCMT ref: 00AD2CB6
                                                                          • _free.LIBCMT ref: 00AD2CC1
                                                                          • _free.LIBCMT ref: 00AD2CCC
                                                                          • _free.LIBCMT ref: 00AD2CD7
                                                                          • _free.LIBCMT ref: 00AD2CE2
                                                                          • _free.LIBCMT ref: 00AD2CED
                                                                          • _free.LIBCMT ref: 00AD2CFB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: fc1f23af8225f1cb4c6a8582a12060def63c37c818515792999fd4dd6b364103
                                                                          • Instruction ID: 93f821a3d387b2fed8cd12f8de1afcb0d2c68ec430a16f332394738d3f068037
                                                                          • Opcode Fuzzy Hash: fc1f23af8225f1cb4c6a8582a12060def63c37c818515792999fd4dd6b364103
                                                                          • Instruction Fuzzy Hash: B311A476500108AFCB02EF54DA92EDD3BA5FF55350F4144A6FA4A9F322DA31EE50EB90
                                                                          APIs
                                                                          • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00AA1459
                                                                          • OleUninitialize.OLE32(?,00000000), ref: 00AA14F8
                                                                          • UnregisterHotKey.USER32(?), ref: 00AA16DD
                                                                          • DestroyWindow.USER32(?), ref: 00AE24B9
                                                                          • FreeLibrary.KERNEL32(?), ref: 00AE251E
                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AE254B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                          • String ID: close all
                                                                          • API String ID: 469580280-3243417748
                                                                          • Opcode ID: fced5c7d3dd660b234aec750a1a0671ca3b258ecf757916b2f25d58f79cfd709
                                                                          • Instruction ID: 5eaeedd0336d3ca2c26e45156f75d4377fb5a087b4768604f0b43b38e8bb9ac2
                                                                          • Opcode Fuzzy Hash: fced5c7d3dd660b234aec750a1a0671ca3b258ecf757916b2f25d58f79cfd709
                                                                          • Instruction Fuzzy Hash: 65D1A031701212DFDB19EF55CA95B69F7A8BF06700F2542ADE44AAB292DB30ED12CF50
                                                                          APIs
                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B17FAD
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B17FC1
                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00B17FEB
                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00B18005
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B18017
                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00B18060
                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B180B0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentDirectory$AttributesFile
                                                                          • String ID: *.*
                                                                          • API String ID: 769691225-438819550
                                                                          • Opcode ID: 7e52421ff8b9914ce4fab4880e57e7cbc19a4358445ccb82a0a8317a9d49579b
                                                                          • Instruction ID: 8e4486b25b937188d30b5711701bae2e1aa679db66f5d046c74c4731e09fd2f9
                                                                          • Opcode Fuzzy Hash: 7e52421ff8b9914ce4fab4880e57e7cbc19a4358445ccb82a0a8317a9d49579b
                                                                          • Instruction Fuzzy Hash: FC8191725482459BCB20EF54C8849EEB7E8FF89310F9448AEF885D7250DF35DD858B92
                                                                          APIs
                                                                          • SetWindowLongW.USER32(?,000000EB), ref: 00AA5C7A
                                                                            • Part of subcall function 00AA5D0A: GetClientRect.USER32(?,?), ref: 00AA5D30
                                                                            • Part of subcall function 00AA5D0A: GetWindowRect.USER32(?,?), ref: 00AA5D71
                                                                            • Part of subcall function 00AA5D0A: ScreenToClient.USER32(?,?), ref: 00AA5D99
                                                                          • GetDC.USER32 ref: 00AE46F5
                                                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00AE4708
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00AE4716
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00AE472B
                                                                          • ReleaseDC.USER32(?,00000000), ref: 00AE4733
                                                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00AE47C4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                          • String ID: U
                                                                          • API String ID: 4009187628-3372436214
                                                                          • Opcode ID: c8b25a79d1fbb73b852a0011ce745f2a953a636b4e6ef678208368ee458808d5
                                                                          • Instruction ID: 89d5d0fbada04375cd68a8fc7fe77692dd1687571eca60d8b70602d4d8073464
                                                                          • Opcode Fuzzy Hash: c8b25a79d1fbb73b852a0011ce745f2a953a636b4e6ef678208368ee458808d5
                                                                          • Instruction Fuzzy Hash: 1B71F330800245DFCF218F69C984ABA7BB9FF4E360F244269ED555B1AAC7318C81DFA0
                                                                          APIs
                                                                          • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00B135E4
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • LoadStringW.USER32(00B72390,?,00000FFF,?), ref: 00B1360A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LoadString$_wcslen
                                                                          • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                          • API String ID: 4099089115-2391861430
                                                                          • Opcode ID: 52d1df82a5b01fd495d1b6e483bc4cfb911d28b725599e7018b17ff085e01592
                                                                          • Instruction ID: f26487777b1d8bdf11e09a851b55d9fd3c5a3f5355255d67c10a6794628414e5
                                                                          • Opcode Fuzzy Hash: 52d1df82a5b01fd495d1b6e483bc4cfb911d28b725599e7018b17ff085e01592
                                                                          • Instruction Fuzzy Hash: BB515C72800219BADF15EBA0CD42EEEBBB8EF15740F5441A5F105731E2EB311A99DFA1
                                                                          APIs
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                            • Part of subcall function 00AB912D: GetCursorPos.USER32(?), ref: 00AB9141
                                                                            • Part of subcall function 00AB912D: ScreenToClient.USER32(00000000,?), ref: 00AB915E
                                                                            • Part of subcall function 00AB912D: GetAsyncKeyState.USER32(00000001), ref: 00AB9183
                                                                            • Part of subcall function 00AB912D: GetAsyncKeyState.USER32(00000002), ref: 00AB919D
                                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00B38B6B
                                                                          • ImageList_EndDrag.COMCTL32 ref: 00B38B71
                                                                          • ReleaseCapture.USER32 ref: 00B38B77
                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00B38C12
                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B38C25
                                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00B38CFF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 4c9d2807075ffcda2daf65007b2dc118a633cd46e1dcbfe0416cd39a58975ff0
• Instruction ID: d425e0d210f15a883bf9f6cfabeae05e8c6ad4c83ea16863b527bf02a15b183c
• Opcode Fuzzy Hash: 4c9d2807075ffcda2daf65007b2dc118a633cd46e1dcbfe0416cd39a58975ff0
• Instruction Fuzzy Hash: 42518B71104300AFD704DF18DD56FAE77E4FB88714F500A69F956672E1CB70A945CB62
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B1C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B1C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B1C2CA
• GetLastError.KERNEL32 ref: 00B1C322
• SetEvent.KERNEL32(?), ref: 00B1C336
• InternetCloseHandle.WININET(00000000), ref: 00B1C341
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: cbf778069a762725faf658f4a544b648c881a889e92dafbed7f2cd3bba2ccd67
• Instruction ID: 8271e2d11ca4e858e3f9677198af3a5510d3cc52218806498244ae4f6589daf9
• Opcode Fuzzy Hash: cbf778069a762725faf658f4a544b648c881a889e92dafbed7f2cd3bba2ccd67
• Instruction Fuzzy Hash: EE317FB1540204AFD7219FA59C88AEF7FFCEB49744B50855DF456E3200DB30DD849B65
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00AE3AAF,?,?,Bad directive syntax error,00B3CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00B098BC
• LoadStringW.USER32(00000000,?,00AE3AAF,?), ref: 00B098C3
  • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00B09987
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: b038935bb5f77bfad3bc5257b4ce12b44b79c92bf7a02db4ed78a028d4005310
• Instruction ID: 1c968eb40666d058885000ce93ef3a7ea129c8083ef5a64f8b69b58a4f325e8f
• Opcode Fuzzy Hash: b038935bb5f77bfad3bc5257b4ce12b44b79c92bf7a02db4ed78a028d4005310
• Instruction Fuzzy Hash: E921603280021AAFCF16AF90CD06EEE7BB9FF19700F044495F515660E2EF759A18DB61
APIs
• GetParent.USER32 ref: 00B020AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 00B020C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B0214D
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: 1d0c2778dd22c003b004193c32c08d0f5fa787481da9d918537f4b7230a065b1
• Instruction ID: 29d072581c973372328c6f2fc84c4f58d75490a84719efb22cdb2cf338e03dc9
• Opcode Fuzzy Hash: 1d0c2778dd22c003b004193c32c08d0f5fa787481da9d918537f4b7230a065b1
• Instruction Fuzzy Hash: CA112976688706B9FA252720DC0FDEA7BDCCF09364F21019AFB04B60E1FE65685A5618
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: 55c049977c8da644a979f64435ea151abcba12bcc1183f7fbc447e6a38053616
• Instruction ID: c1044a71d68c50fcbd8b425dfc202f34a0888417eaabe110925f0339e5881e3b
• Opcode Fuzzy Hash: 55c049977c8da644a979f64435ea151abcba12bcc1183f7fbc447e6a38053616
• Instruction Fuzzy Hash: 2F6147B1904302AFDB21AFB8D985BAD7BA5EF09320F44416FF947A7381EA319D41D790
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00AF6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00AF68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00AF68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00AF68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00AF68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00AB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00AF6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00AF691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00AB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00AF692D
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 4a66c713a497472d50b3ffee85125d02b5f7b26bad2e81fef7e714f684aa9a38
• Instruction ID: a9cfc17c914954bad923e38aad6c388bceaf9df52a48cc5f8c0ac9eea5d5df33
• Opcode Fuzzy Hash: 4a66c713a497472d50b3ffee85125d02b5f7b26bad2e81fef7e714f684aa9a38
• Instruction Fuzzy Hash: 29518870600209EFDB20CF68CC95FAE7BB9EF58750F204518FA16A72A0DB74E991DB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B1C182
• GetLastError.KERNEL32 ref: 00B1C195
• SetEvent.KERNEL32(?), ref: 00B1C1A9
  • Part of subcall function 00B1C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B1C272
  • Part of subcall function 00B1C253: GetLastError.KERNEL32 ref: 00B1C322
  • Part of subcall function 00B1C253: SetEvent.KERNEL32(?), ref: 00B1C336
  • Part of subcall function 00B1C253: InternetCloseHandle.WININET(00000000), ref: 00B1C341
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 70c1be7499fd3bc2c03525a0c1b3d0039f8aca70c1d3810cde15a29543dbd104
• Instruction ID: 6f1c422700dedc276d741c4945e671b3bb179b2b3703f69317886cc090fb1eb1
• Opcode Fuzzy Hash: 70c1be7499fd3bc2c03525a0c1b3d0039f8aca70c1d3810cde15a29543dbd104
• Instruction Fuzzy Hash: 0F317A71280601EFDB219FE5DC48AAABFF9FF18300B50445DF95A93610DB30E9949BA0
APIs
  • Part of subcall function 00B03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B03A57
  • Part of subcall function 00B03A3D: GetCurrentThreadId.KERNEL32 ref: 00B03A5E
  • Part of subcall function 00B03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B025B3), ref: 00B03A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B025BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00B025DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00B025DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B025E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00B02601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00B02605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B0260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00B02623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00B02627
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 7ece0f3a2372bf6352220c7aa7a772ad4b25404f36e34a3b9fea6dbe0a9fba20
• Instruction ID: ae09bbbb6b563360615e7eb33daebdffbf2da34ae1decd7393d6a5731c4c8311
• Opcode Fuzzy Hash: 7ece0f3a2372bf6352220c7aa7a772ad4b25404f36e34a3b9fea6dbe0a9fba20
• Instruction Fuzzy Hash: EA01D431390610BBFB1067A89C8EF5D3F99EB4EB12F200001F318BF0E1CDE224449A69
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00B01449,?,?,00000000), ref: 00B0180C
• HeapAlloc.KERNEL32(00000000,?,00B01449,?,?,00000000), ref: 00B01813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B01449,?,?,00000000), ref: 00B01828
• GetCurrentProcess.KERNEL32(?,00000000,?,00B01449,?,?,00000000), ref: 00B01830
• DuplicateHandle.KERNEL32(00000000,?,00B01449,?,?,00000000), ref: 00B01833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B01449,?,?,00000000), ref: 00B01843
• GetCurrentProcess.KERNEL32(00B01449,00000000,?,00B01449,?,?,00000000), ref: 00B0184B
• DuplicateHandle.KERNEL32(00000000,?,00B01449,?,?,00000000), ref: 00B0184E
• CreateThread.KERNEL32(00000000,00000000,00B01874,00000000,00000000,00000000), ref: 00B01868
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: 48a64d5271aa6f866dd6648d23662723e9177888ae2a7e29ffaec21b9cf84c9e
• Instruction ID: 90d638d9c879a5c06dc8c3eae28ca26b1a5ee483e77677ad4cd6c2133ba22c4d
• Opcode Fuzzy Hash: 48a64d5271aa6f866dd6648d23662723e9177888ae2a7e29ffaec21b9cf84c9e
• Instruction Fuzzy Hash: 1F01BBB5240708BFE710ABA5DC4DF6B3FACEB89B11F108411FA05EB1A1CA70D810DB20
APIs
  • Part of subcall function 00B0D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00B0D501
  • Part of subcall function 00B0D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00B0D50F
  • Part of subcall function 00B0D4DC: CloseHandle.KERNEL32(00000000), ref: 00B0D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B2A16D
• GetLastError.KERNEL32 ref: 00B2A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B2A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00B2A268
• GetLastError.KERNEL32(00000000), ref: 00B2A273
• CloseHandle.KERNEL32(00000000), ref: 00B2A2C4
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: ac54e404d5877f7f1eed021afd2bf6744b76efcfa6cd9f0dd387e6b4e3cd1fcc
• Instruction ID: b64a7699e49730fc8e414259d97ddcee332ee2b2334f93679d8068c5e9db7ba7
• Opcode Fuzzy Hash: ac54e404d5877f7f1eed021afd2bf6744b76efcfa6cd9f0dd387e6b4e3cd1fcc
• Instruction Fuzzy Hash: 01618E302042529FD720DF18D494F1ABBE5EF45318F18849CE46A9B7A3C776EC49CB92
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B33925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B3393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B33954
• _wcslen.LIBCMT ref: 00B33999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00B339C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B339F4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 6836185ec7c77413264cba90a2e8f7a896e93542eb412db1979770f7d0b4a295
• Instruction ID: bd2f9f7b345421ccd6f4d283410bfe7642f2413a5586a66d1e6016e3b55fdf54
• Instruction Fuzzy Hash: C741A471A00218ABEB219F64CC45FEF7BE9EF08754F200566F559E7291D7719D80CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B0BCFD
• IsMenu.USER32(00000000), ref: 00B0BD1D
• CreatePopupMenu.USER32 ref: 00B0BD53
• GetMenuItemCount.USER32(01765F40), ref: 00B0BDA4
• InsertMenuItemW.USER32(01765F40,?,00000001,00000030), ref: 00B0BDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 1123c3b771c50165c0605b4afd61c00c34d6726eb868c9cee030da66a4ef763d
• Instruction ID: 0225c6be0efb4ea36df9a9bbb03fcab3c49cc55676dad1d34288709793128b96
• Instruction Fuzzy Hash: 5F518C70A00206EBDB20DFA8D889FAEFFF4EF55354F2482A9E411A72D1D7709945CB61
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00B0C913
Strings
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: c6ededa03912db855b972d332d83fc185372695c763e1f07eae9bfbc5d6cc6f4
• Instruction ID: 88d5aac780fb02eab6c6202d7953c675cab27e1376fcdb2b154d2040858be893
• Instruction Fuzzy Hash: 9E110A32689306BAE7169B549CC3DBE7FDCDF15354B2041AEF904A62D2E7B49E00526C
APIs
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 56ec14bab143e79aadbec94110c8fd5cce686eed047ebd7595d166b5170922d3
• Instruction ID: 3247f654447d2c3f8684a3e6cd09d4effc12cdff20ebc49f54fcf7a485a81278
• Instruction Fuzzy Hash: F341C165C1021875DB51EBF4C98AECFB7ACEF05300F11896AE528E3161FB34E245C3A9
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AF682C,00000004,00000000,00000000), ref: 00ABF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00AF682C,00000004,00000000,00000000), ref: 00AFF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00AF682C,00000004,00000000,00000000), ref: 00AFF454
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 51135e7e8abdd0b1b5714c7301af333b78766e71d8bc6b12d8bc2ae30eff240f
• Instruction ID: f48f3979648ac037c29d6497a94b66169232784a8ffbed9118fe78df9e0df074
• Instruction Fuzzy Hash: BC411A31608680FEC7398B6D8C887BA7FA9AF56314F2C453CF59767562CA31A880D711
APIs
• DeleteObject.GDI32(00000000), ref: 00B32D1B
• GetDC.USER32(00000000), ref: 00B32D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B32D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00B32D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B32D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B32D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B35A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00B32DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B32DE1
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 3ed0af1975dce459d02d1290a50b2359ad1873ea282ef5f7b63cb98c7ef68467
• Instruction ID: 40a4e64328ed3dd48f64b960fd8415447c4070a453b7caac736e89fa700a0223
• Instruction Fuzzy Hash: 85316D72201614BBEB114F54CC8AFEB3FA9EB09715F144065FE08AB291CA759C50C7A4
APIs
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: e16690067118611a3f2b666a306aaab13178921508b502d34b99ff00fdd5234c
• Instruction ID: 93830b4aad345ef1e9b9ec060a0ccc2911427af0bd11f485a90adae81c5360ef
• Instruction Fuzzy Hash: C8219861B40A097BD62459118F82FBB37DCEE22384F5400A4FD055AAC2F722ED1089A5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: a74ab0fc7fd1c6ccee7c295e7f740f1f4514adceb482f119502a4d00dac535f6
• Instruction ID: 1cbb337eb9e91e4b9e87b80fa500b8761dccb30280b6b426f6cf339ecbec70d5
• Instruction Fuzzy Hash: 9FD1B371A0061A9FDF20CF98D881BAEB7F5FF48354F1484A9E919AB291E770DD41CB90
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00AE17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00AE15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00AE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AE1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00AE17FB,?,00AE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AE16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00AE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AE16FB
  • Part of subcall function 00AD3820: RtlAllocateHeap.NTDLL(00000000,?,00B71444,?,00ABFDF5,?,?,00AAA976,00000010,00B71440,00AA13FC,?,00AA13C6,?,00AA1129), ref: 00AD3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00AE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00AE1777
• __freea.LIBCMT ref: 00AE17A2
• __freea.LIBCMT ref: 00AE17AE
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 8e8101046a96f76e49f51ed6cc31997f2f776c02e9bd858d4d7f487bebd6f68e
• Instruction ID: 455793d82890471944ff2b22ad155aec0643b6b575f646fe9fb12ea883ea64a7
• Instruction Fuzzy Hash: 0D91B572E002A69EDF208FB6CD81EEE7BB5AF49750F184659E812E7181DB35DD40CB60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: ddd4375a3be74d7a33c4d74003ce6df6d954b7a63340992419614f63bce37d81
• Instruction ID: cbb9e1edf6777ec79402e0289d338279e369cb6f8bb1618c77b1430283dfa0de
• Instruction Fuzzy Hash: E2917171A00225ABDF20CFA4D884FAEBBF8EF46714F108599F519AB291D7709D45CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00B1125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B11284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00B112A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B112D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B1135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B113C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B11430
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                          • String ID:
                                                                          • API String ID: 2550207440-0
                                                                          • Opcode ID: 8fe28e226cfdadfaceb4d45a50af66d87ae985131fe55d3055360701f963443b
                                                                          • Instruction ID: 851aa296d78ee741550d45d0284e27618ec102de903c174718b2a80b30412379
                                                                          • Opcode Fuzzy Hash: 8fe28e226cfdadfaceb4d45a50af66d87ae985131fe55d3055360701f963443b
                                                                          • Instruction Fuzzy Hash: A991EF71A00219AFDB00DFA8D884BFEB7F5FF45714F6448A9E600E7291D774A981CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                          • String ID:
                                                                          • API String ID: 3225163088-0
                                                                          • Opcode ID: 7322e70888a30633045cb745656fe2577fe4c70e4027653d2e6427e255633a59
                                                                          • Instruction ID: e6f6722f8762a45557504a901515b8085739183273e059b8a5eac7be9581b4fe
                                                                          • Opcode Fuzzy Hash: 7322e70888a30633045cb745656fe2577fe4c70e4027653d2e6427e255633a59
                                                                          • Instruction Fuzzy Hash: AB912671D40219EFCB14CFA9CD84AEEBBB8FF49320F248155E615B7252D774AA41CB60
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 00B2396B
                                                                          • CharUpperBuffW.USER32(?,?), ref: 00B23A7A
                                                                          • _wcslen.LIBCMT ref: 00B23A8A
                                                                          • VariantClear.OLEAUT32(?), ref: 00B23C1F
                                                                            • Part of subcall function 00B10CDF: VariantInit.OLEAUT32(00000000), ref: 00B10D1F
                                                                            • Part of subcall function 00B10CDF: VariantCopy.OLEAUT32(?,?), ref: 00B10D28
                                                                            • Part of subcall function 00B10CDF: VariantClear.OLEAUT32(?), ref: 00B10D34
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                          • API String ID: 4137639002-1221869570
                                                                          • Opcode ID: 90d3f0a6d41ed2f97e3d519ef835dd2c2c03c52e92c00052fe702a0c4eb1c269
                                                                          • Instruction ID: c698cdb931498e128b36d3608857dab85f8e59ddfc42cd261e6c902d8e529e4d
                                                                          • Opcode Fuzzy Hash: 90d3f0a6d41ed2f97e3d519ef835dd2c2c03c52e92c00052fe702a0c4eb1c269
                                                                          • Instruction Fuzzy Hash: D89179746083119FC700EF24D58496ABBE4FF89714F1489ADF88A9B351DB34EE45CB92
                                                                          APIs
                                                                            • Part of subcall function 00B0000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?,?,00B0035E), ref: 00B0002B
                                                                            • Part of subcall function 00B0000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?), ref: 00B00046
                                                                            • Part of subcall function 00B0000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?), ref: 00B00054
                                                                            • Part of subcall function 00B0000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?), ref: 00B00064
                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B24C51
                                                                          • _wcslen.LIBCMT ref: 00B24D59
                                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B24DCF
                                                                          • CoTaskMemFree.OLE32(?), ref: 00B24DDA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                          • String ID: NULL Pointer assignment
                                                                          • API String ID: 614568839-2785691316
                                                                          • Opcode ID: 343fe58a6b7e1b7679ddc21cd76f373896007cf069f2444e09077500a51707d0
                                                                          • Instruction ID: dfb54bfc02b64c30e874dea6c2f686290c6f6b778957d43a4d23e75784b59d06
                                                                          • Opcode Fuzzy Hash: 343fe58a6b7e1b7679ddc21cd76f373896007cf069f2444e09077500a51707d0
                                                                          • Instruction Fuzzy Hash: 1C910871D002299FDF14DFA4D891AEEBBB9FF09310F1085A9E519A7291DB349E44CF60
                                                                          APIs
                                                                          • GetMenu.USER32(?), ref: 00B32183
                                                                          • GetMenuItemCount.USER32(00000000), ref: 00B321B5
                                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B321DD
                                                                          • _wcslen.LIBCMT ref: 00B32213
                                                                          • GetMenuItemID.USER32(?,?), ref: 00B3224D
                                                                          • GetSubMenu.USER32(?,?), ref: 00B3225B
                                                                            • Part of subcall function 00B03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B03A57
                                                                            • Part of subcall function 00B03A3D: GetCurrentThreadId.KERNEL32 ref: 00B03A5E
                                                                            • Part of subcall function 00B03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B025B3), ref: 00B03A65
                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B322E3
                                                                            • Part of subcall function 00B0E97B: Sleep.KERNEL32 ref: 00B0E9F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                          • String ID:
                                                                          • API String ID: 4196846111-0
                                                                          • Opcode ID: 69b3d4b3d1670f4df79a452a9a8851bc53823f9ac8e7a34bf65a09f55d3a2098
                                                                          • Instruction ID: 7b458a94339b3426a987cdba00cceea0aabdda17772410e0c6fa498edff7b749
                                                                          • Opcode Fuzzy Hash: 69b3d4b3d1670f4df79a452a9a8851bc53823f9ac8e7a34bf65a09f55d3a2098
                                                                          • Instruction Fuzzy Hash: D4715D75A00215AFCB10DFA4CD85AAEBBF5EF49310F248499E916BB351DB34ED418B90
                                                                          APIs
                                                                          • GetParent.USER32(?), ref: 00B0AEF9
                                                                          • GetKeyboardState.USER32(?), ref: 00B0AF0E
                                                                          • SetKeyboardState.USER32(?), ref: 00B0AF6F
                                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 00B0AF9D
                                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 00B0AFBC
                                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 00B0AFFD
                                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00B0B020
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                          • String ID:
                                                                          • API String ID: 87235514-0
                                                                          • Opcode ID: a90b80bb5d7a64d95125be7dad75a0373d2312e507836846b6cc53876ee0851e
                                                                          • Instruction ID: ca9d65e746198ee2b6991838d889173d8200c8062a45f5b32730b2be270fa5c2
                                                                          • Opcode Fuzzy Hash: a90b80bb5d7a64d95125be7dad75a0373d2312e507836846b6cc53876ee0851e
                                                                          • Instruction Fuzzy Hash: A15191A1A047D63DFB368334CC45BBABEE99B06304F0889C9E1D9968C2D799ACC4D751
                                                                          APIs
                                                                          • GetParent.USER32(00000000), ref: 00B0AD19
                                                                          • GetKeyboardState.USER32(?), ref: 00B0AD2E
                                                                          • SetKeyboardState.USER32(?), ref: 00B0AD8F
                                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00B0ADBB
                                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00B0ADD8
                                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00B0AE17
                                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00B0AE38
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                          • String ID:
                                                                          • API String ID: 87235514-0
                                                                          • Opcode ID: 8c9ab3a60bc8eae247920d78df2a905f03f103eea1207cb11db81f739760cdab
                                                                          • Instruction ID: 5272706eb954ee66564b29b57b2f41506da94b43914ae05ed5de94dc82b8370b
                                                                          • Opcode Fuzzy Hash: 8c9ab3a60bc8eae247920d78df2a905f03f103eea1207cb11db81f739760cdab
                                                                          • Instruction Fuzzy Hash: 4051F5A15047D53DFB338334CC95BBABEE8AB46300F1889D9E1D5568C3D694EC88D762
                                                                          APIs
                                                                          • GetConsoleCP.KERNEL32(00AE3CD6,?,?,?,?,?,?,?,?,00AD5BA3,?,?,00AE3CD6,?,?), ref: 00AD5470
                                                                          • __fassign.LIBCMT ref: 00AD54EB
                                                                          • __fassign.LIBCMT ref: 00AD5506
                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00AE3CD6,00000005,00000000,00000000), ref: 00AD552C
                                                                          • WriteFile.KERNEL32(?,00AE3CD6,00000000,00AD5BA3,00000000,?,?,?,?,?,?,?,?,?,00AD5BA3,?), ref: 00AD554B
                                                                          • WriteFile.KERNEL32(?,?,00000001,00AD5BA3,00000000,?,?,?,?,?,?,?,?,?,00AD5BA3,?), ref: 00AD5584
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                          • String ID:
                                                                          • API String ID: 1324828854-0
                                                                          • Opcode ID: 6b85b9d1568926d6c049c18a6998ca5667dab916dd3d6797f8005f3abbcb22ee
                                                                          • Instruction ID: 2b8ec10df840b18c6e83db769abb81dbdb34fc9aafcc9a411c4e5b9fd1bfb3e8
                                                                          • Opcode Fuzzy Hash: 6b85b9d1568926d6c049c18a6998ca5667dab916dd3d6797f8005f3abbcb22ee
                                                                          • Instruction Fuzzy Hash: 1C519FB1E00649AFDB11CFA8E845AEEBBF9EF09300F14411BE556E7391D6309A81CB61
                                                                          APIs
                                                                          • _ValidateLocalCookies.LIBCMT ref: 00AC2D4B
                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00AC2D53
                                                                          • _ValidateLocalCookies.LIBCMT ref: 00AC2DE1
                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00AC2E0C
                                                                          • _ValidateLocalCookies.LIBCMT ref: 00AC2E61
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                          • String ID: csm
                                                                          • API String ID: 1170836740-1018135373
                                                                          • Opcode ID: 2c91d2d525397b86a1af2f51c1f29aa13dab6b7599ba2006369ea66dbe38569e
                                                                          • Instruction ID: dc9e79ef6517f70d5ea39cc0ba616b5d3837b77291360a4ea2becd64bb11cf96
                                                                          • Opcode Fuzzy Hash: 2c91d2d525397b86a1af2f51c1f29aa13dab6b7599ba2006369ea66dbe38569e
                                                                          • Instruction Fuzzy Hash: F441B034A00209ABCF10DF68C845FAEBBB5BF44324F168159E815AB392DB31AA01CBD0
                                                                          APIs
                                                                            • Part of subcall function 00B2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B2307A
                                                                            • Part of subcall function 00B2304E: _wcslen.LIBCMT ref: 00B2309B
                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B21112
                                                                          • WSAGetLastError.WSOCK32 ref: 00B21121
                                                                          • WSAGetLastError.WSOCK32 ref: 00B211C9
                                                                          • closesocket.WSOCK32(00000000), ref: 00B211F9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                          • String ID:
                                                                          • API String ID: 2675159561-0
                                                                          • Opcode ID: fd3b2ad505e4fc692fb4c375b487c502e4581f86915e2230f9d4df602cfa72ee
                                                                          • Instruction ID: f22154e089e2441bfb80bae9ceb0df126cf21d90890ab901377dadaf6938e24d
                                                                          • Opcode Fuzzy Hash: fd3b2ad505e4fc692fb4c375b487c502e4581f86915e2230f9d4df602cfa72ee
                                                                          • Instruction Fuzzy Hash: 07410931600214AFDB109F58D885BAEBBE9FF45325F148599FD09AB291C770EE41CBE1
                                                                          APIs
                                                                            • Part of subcall function 00B0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B0CF22,?), ref: 00B0DDFD
                                                                            • Part of subcall function 00B0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B0CF22,?), ref: 00B0DE16
                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00B0CF45
                                                                          • MoveFileW.KERNEL32(?,?), ref: 00B0CF7F
                                                                          • _wcslen.LIBCMT ref: 00B0D005
                                                                          • _wcslen.LIBCMT ref: 00B0D01B
                                                                          • SHFileOperationW.SHELL32(?), ref: 00B0D061
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                          • String ID: \*.*
                                                                          • API String ID: 3164238972-1173974218
                                                                          • Opcode ID: aba80addeb87627a7e0834651cf7b13fc9f0b361f3e801e5659ef7d7c4c8ecaf
                                                                          • Instruction ID: 2eb46657a5b075a1b86ea6c79e2f578db0dfb1cb7d70543c583ca6bdbcd1636c
                                                                          • Opcode Fuzzy Hash: aba80addeb87627a7e0834651cf7b13fc9f0b361f3e801e5659ef7d7c4c8ecaf
                                                                          • Instruction Fuzzy Hash: 824117719452195EDF12EFA4D981EDE7BF9EF48380F1001E6E509E7181EF34A648CB51
                                                                          APIs
                                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B32E1C
                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00B32E4F
                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00B32E84
                                                                          • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00B32EB6
                                                                          • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00B32EE0
                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00B32EF1
                                                                          • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00B32F0B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LongWindow$MessageSend
                                                                          • String ID:
                                                                          • API String ID: 2178440468-0
                                                                          • Opcode ID: 5f1b00fe8916535844a84c7d449041095f867f2ef78b1d08b3096b7a7c20e4ce
                                                                          • Instruction ID: 2581fe25b7047acc6174c5a1830cae6b1d7fff54fe3ebc7754d14c6b8d4b31cd
                                                                          • Opcode Fuzzy Hash: 5f1b00fe8916535844a84c7d449041095f867f2ef78b1d08b3096b7a7c20e4ce
                                                                          • Instruction Fuzzy Hash: 90310635604260AFDB21CF5CDC86F6937E1FB9A710F2501A4FA049F2B1CB71A881DB51
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B07769
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B0778F
                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00B07792
                                                                          • SysAllocString.OLEAUT32(?), ref: 00B077B0
                                                                          • SysFreeString.OLEAUT32(?), ref: 00B077B9
                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00B077DE
                                                                          • SysAllocString.OLEAUT32(?), ref: 00B077EC
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                          • String ID:
                                                                          • API String ID: 3761583154-0
                                                                          • Opcode ID: e2b2b138bac7c36efb943af93c9bb3c365b64b666b15e51ece89e8f22bcd8661
                                                                          • Instruction ID: e1ee94b5cd6d62ac54b22666b727b3544ad21a77defc5bfd6fe930f82ec2d9c3
                                                                          • Opcode Fuzzy Hash: e2b2b138bac7c36efb943af93c9bb3c365b64b666b15e51ece89e8f22bcd8661
                                                                          • Instruction Fuzzy Hash: 5F218376A04219BFDB10DFA8CC88CBB7BECEB097A47148065B915DB291DA70ED418764
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B07842
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B07868
                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00B0786B
                                                                          • SysAllocString.OLEAUT32 ref: 00B0788C
                                                                          • SysFreeString.OLEAUT32 ref: 00B07895
                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00B078AF
                                                                          • SysAllocString.OLEAUT32(?), ref: 00B078BD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                          • String ID:
                                                                          • API String ID: 3761583154-0
                                                                          • Opcode ID: 6b016e941be3235da5ad97be13a3f7a40d81ac1240090b746c1d3bc2c5f74f4b
                                                                          • Instruction ID: d4cb4d906aebef2989e1bdbbbd14f62de7d0527941d9aeb639d8984c5e1e9735
                                                                          • Opcode Fuzzy Hash: 6b016e941be3235da5ad97be13a3f7a40d81ac1240090b746c1d3bc2c5f74f4b
                                                                          • Instruction Fuzzy Hash: C9215132A04204BFDB109BE9DC8CDAABBECEB097607148165B915DB2E1DE74EC41CB64
                                                                          APIs
                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 00B104F2
                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B1052E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateHandlePipe
                                                                          • String ID: nul
                                                                          • API String ID: 1424370930-2873401336
                                                                          • Opcode ID: 94516c7d4058a557f031af2dafe14861512c886bb1caf7d70e9c2cc70c6c301d
                                                                          • Instruction ID: 28bbe475bfe018928c521f9be3ce876a7ba0b7cd50919df4fa4da1748b3a38e4
                                                                          • Opcode Fuzzy Hash: 94516c7d4058a557f031af2dafe14861512c886bb1caf7d70e9c2cc70c6c301d
                                                                          • Instruction Fuzzy Hash: FE218071510305ABDB20AF69DC84ADA7BF5EF54724F604A59F8A1E72E0D7B099D0CF20
                                                                          APIs
                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00B105C6
                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B10601
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateHandlePipe
                                                                          • String ID: nul
                                                                          • API String ID: 1424370930-2873401336
                                                                          • Opcode ID: 8974804eed330a16c4a027634ddadffe1c6ea33d77ec066de09d41cfac87aa62
                                                                          • Instruction ID: acb0116e48c4b6fa42156901fd379b7a24542cb530fe3dad6c3393a755c437a4
                                                                          • Opcode Fuzzy Hash: 8974804eed330a16c4a027634ddadffe1c6ea33d77ec066de09d41cfac87aa62
                                                                          • Instruction Fuzzy Hash: 50219575510305ABDB20AF69DC44ADA77E4FF95720F600A59F8A1E72E0DBF098E0CB10
                                                                          APIs
                                                                            • Part of subcall function 00AA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AA604C
                                                                            • Part of subcall function 00AA600E: GetStockObject.GDI32(00000011), ref: 00AA6060
                                                                            • Part of subcall function 00AA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AA606A
                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B34112
                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B3411F
                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B3412A
                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B34139
                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B34145
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                          • String ID: Msctls_Progress32
                                                                          • API String ID: 1025951953-3636473452
                                                                          • Opcode ID: 55e899c20be77a1795033164afee10e6954bd9579d8e61cb8b196d1bd202b491
                                                                          • Instruction ID: bf5380878b7b8f66134577ee5030cb3c1583f8c7d5b68cc2d8e9cd5e7f8274e7
                                                                          • Opcode Fuzzy Hash: 55e899c20be77a1795033164afee10e6954bd9579d8e61cb8b196d1bd202b491
                                                                          • Instruction Fuzzy Hash: 2A11B2B2140219BEEF118F64CC86EE77FADEF08798F114111FA18A6090CB729C61DBA4
                                                                          APIs
                                                                            • Part of subcall function 00ADD7A3: _free.LIBCMT ref: 00ADD7CC
                                                                          • _free.LIBCMT ref: 00ADD82D
                                                                            • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000), ref: 00AD29DE
                                                                            • Part of subcall function 00AD29C8: GetLastError.KERNEL32(00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000,00000000), ref: 00AD29F0
                                                                          • _free.LIBCMT ref: 00ADD838
                                                                          • _free.LIBCMT ref: 00ADD843
                                                                          • _free.LIBCMT ref: 00ADD897
                                                                          • _free.LIBCMT ref: 00ADD8A2
                                                                          • _free.LIBCMT ref: 00ADD8AD
                                                                          • _free.LIBCMT ref: 00ADD8B8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                          • Instruction ID: 6cdbb734768161fba9956c197a71fd4a872b6a437e7ebc21e0cb0afb545d4a52
                                                                          • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                          • Instruction Fuzzy Hash: 3B115E71540B04AAD621BFB0CE47FCB7BDCAF50700F400826B29FAA292DA65B6059760
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00B0DA74
                                                                          • LoadStringW.USER32(00000000), ref: 00B0DA7B
                                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00B0DA91
                                                                          • LoadStringW.USER32(00000000), ref: 00B0DA98
                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B0DADC
                                                                          Strings
                                                                          • %s (%d) : ==> %s: %s %s, xrefs: 00B0DAB9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(0175DA60,0175DA60), ref: 00B1097B
• EnterCriticalSection.KERNEL32(0175DA40,00000000), ref: 00B1098D
• TerminateThread.KERNEL32(00B74528,000001F6), ref: 00B1099B
• WaitForSingleObject.KERNEL32(00B74528,000003E8), ref: 00B109A9
• CloseHandle.KERNEL32(00B74528), ref: 00B109B8
• InterlockedExchange.KERNEL32(0175DA60,000001F6), ref: 00B109C8
• LeaveCriticalSection.KERNEL32(0175DA40), ref: 00B109CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B21DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B21DE1
• WSAGetLastError.WSOCK32 ref: 00B21DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00B21EDB
• inet_ntoa.WSOCK32(?), ref: 00B21E8C
  • Part of subcall function 00B039E8: _strlen.LIBCMT ref: 00B039F2
  • Part of subcall function 00B23224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00B1EC0C), ref: 00B23240
• _strlen.LIBCMT ref: 00B21F35
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• GetClientRect.USER32(?,?), ref: 00AA5D30
• GetWindowRect.USER32(?,?), ref: 00AA5D71
• ScreenToClient.USER32(?,?), ref: 00AA5D99
• GetClientRect.USER32(?,?), ref: 00AA5ED7
• GetWindowRect.USER32(?,?), ref: 00AA5EF8
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 00AD00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD00D6
• __allrem.LIBCMT ref: 00AD00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD010B
• __allrem.LIBCMT ref: 00AD0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD0140
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00AC82D9,00AC82D9,?,?,?,00AD644F,00000001,00000001,8BE85006), ref: 00AD6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00AD644F,00000001,00000001,8BE85006,?,?,?), ref: 00AD62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00AD63D8
• __freea.LIBCMT ref: 00AD63E5
  • Part of subcall function 00AD3820: RtlAllocateHeap.NTDLL(00000000,?,00B71444,?,00ABFDF5,?,?,00AAA976,00000010,00B71440,00AA13FC,?,00AA13C6,?,00AA1129), ref: 00AD3852
• __freea.LIBCMT ref: 00AD63EE
• __freea.LIBCMT ref: 00AD6413
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
  • Part of subcall function 00B2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2B6AE,?,?), ref: 00B2C9B5
  • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2C9F1
  • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2CA68
  • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B2BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B2BD25
• RegCloseKey.ADVAPI32(00000000), ref: 00B2BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B2BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B2BDF3
• RegCloseKey.ADVAPI32(?), ref: 00B2BDFF
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 00AFF7B9
• SysAllocString.OLEAUT32(00000001), ref: 00AFF860
• VariantCopy.OLEAUT32(00AFFA64,00000000), ref: 00AFF889
• VariantClear.OLEAUT32(00AFFA64), ref: 00AFF8AD
• VariantCopy.OLEAUT32(00AFFA64,00000000), ref: 00AFF8B1
• VariantClear.OLEAUT32(?), ref: 00AFF8BB
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
  • Part of subcall function 00AA7620: _wcslen.LIBCMT ref: 00AA7625
  • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00B194E5
• _wcslen.LIBCMT ref: 00B19506
• _wcslen.LIBCMT ref: 00B1952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00B19585
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
APIs
  • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
• BeginPaint.USER32(?,?,?), ref: 00AB9241
• GetWindowRect.USER32(?,?), ref: 00AB92A5
• ScreenToClient.USER32(?,?), ref: 00AB92C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00AB92D3
• EndPaint.USER32(?,?,?,?,?), ref: 00AB9321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00AF71EA
  • Part of subcall function 00AB9339: BeginPath.GDI32(00000000), ref: 00AB9357
                                                                          Similarity
                                                                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                          • String ID:
                                                                          • API String ID: 3050599898-0
                                                                          • Opcode ID: baab8c285dc236cc055611b23d5437a6747983517a7f8b012a08dc8aae41cdd1
                                                                          • Instruction ID: e376b96954ac5b109e73b17dd61faa47ce4c2b230ae0fea04d8d55d38d919700
                                                                          • Opcode Fuzzy Hash: baab8c285dc236cc055611b23d5437a6747983517a7f8b012a08dc8aae41cdd1
                                                                          • Instruction Fuzzy Hash: 90418D71104200AFD711DF68C885FBB7BB8EB55320F140669FAA9972B2CB319846DB61
                                                                          APIs
                                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 00B1080C
                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00B10847
                                                                          • EnterCriticalSection.KERNEL32(?), ref: 00B10863
                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00B108DC
                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00B108F3
                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 00B10921
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                          • String ID:
                                                                          • API String ID: 3368777196-0
                                                                          • Opcode ID: a549be27e69b4cd16af351cc51c13215f134f060839d61f7320a27d183dcfd2f
                                                                          • Instruction ID: 7322cb343e6c08fe5c5e689a0abeb13b11f52bf1a842abcd0bc1b1ee5f435a87
                                                                          • Opcode Fuzzy Hash: a549be27e69b4cd16af351cc51c13215f134f060839d61f7320a27d183dcfd2f
                                                                          • Instruction Fuzzy Hash: 49418D71900205EFDF14AFA4DD85AAA77B9FF04310F1440A9ED04AB297DB74DEA0DBA0
                                                                          APIs
                                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00AFF3AB,00000000,?,?,00000000,?,00AF682C,00000004,00000000,00000000), ref: 00B3824C
                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00B38272
                                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B382D1
                                                                          • ShowWindow.USER32(00000000,00000004), ref: 00B382E5
                                                                          • EnableWindow.USER32(00000000,00000001), ref: 00B3830B
                                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B3832F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                          • String ID:
                                                                          • API String ID: 642888154-0
                                                                          • Opcode ID: 8491bd1fc6e1a381d339ca4d098ec915e422c3dc103b4e49e271f72ab7cd6f10
                                                                          • Instruction ID: 2c5ec1deb5e11c205b087170914ecedad12fc3b272e1bc6c310f3e5710e467dd
                                                                          • Opcode Fuzzy Hash: 8491bd1fc6e1a381d339ca4d098ec915e422c3dc103b4e49e271f72ab7cd6f10
                                                                          • Instruction Fuzzy Hash: 8F418334601744AFDB12CF19DC99BA57BE0FB4A714F2841E9FA085B262CB31A842CF52
                                                                          APIs
                                                                          • IsWindowVisible.USER32(?), ref: 00B04C95
                                                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00B04CB2
                                                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00B04CEA
                                                                          • _wcslen.LIBCMT ref: 00B04D08
                                                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00B04D10
                                                                          • _wcsstr.LIBVCRUNTIME ref: 00B04D1A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                          • String ID:
                                                                          • API String ID: 72514467-0
                                                                          • Opcode ID: 75c6068ac645b0f6d024b6e15773cc18cf09a5fa80dff2defa0cf2280821f83a
                                                                          • Instruction ID: d1bdce861d0fb25626cbed6feeed020533ef68e9a78ff6c06e3a906a5348f271
                                                                          • Opcode Fuzzy Hash: 75c6068ac645b0f6d024b6e15773cc18cf09a5fa80dff2defa0cf2280821f83a
                                                                          • Instruction Fuzzy Hash: 6D21F2B2204200BBEB255B69AD4AE7F7FDCDF45750F1081B9F905DB192EB61DC0097A0
                                                                          APIs
                                                                            • Part of subcall function 00AA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA3A97,?,?,00AA2E7F,?,?,?,00000000), ref: 00AA3AC2
                                                                          • _wcslen.LIBCMT ref: 00B1587B
                                                                          • CoInitialize.OLE32(00000000), ref: 00B15995
                                                                          • CoCreateInstance.OLE32(00B3FCF8,00000000,00000001,00B3FB68,?), ref: 00B159AE
                                                                          • CoUninitialize.OLE32 ref: 00B159CC
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                          • String ID: .lnk
                                                                          • API String ID: 3172280962-24824748
                                                                          • Opcode ID: 4feb3de6a24c61ae859986c89c87e06af2e4ceb0e629c1f49ace77e44963e82b
                                                                          • Instruction ID: 844e7375c0cd7473bb951f20f99b6e122d023611b205b7c6b7424fa0a33bec40
                                                                          • Opcode Fuzzy Hash: 4feb3de6a24c61ae859986c89c87e06af2e4ceb0e629c1f49ace77e44963e82b
                                                                          • Instruction Fuzzy Hash: C8D15471608601DFC724DF24C580A6EBBE5EF89710F54889DF88A9B261DB31ED85CB92
                                                                          APIs
                                                                            • Part of subcall function 00B00FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B00FCA
                                                                            • Part of subcall function 00B00FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B00FD6
                                                                            • Part of subcall function 00B00FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B00FE5
                                                                            • Part of subcall function 00B00FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B00FEC
                                                                            • Part of subcall function 00B00FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B01002
                                                                          • GetLengthSid.ADVAPI32(?,00000000,00B01335), ref: 00B017AE
                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00B017BA
                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00B017C1
                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 00B017DA
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00B01335), ref: 00B017EE
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B017F5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                          • String ID:
                                                                          • API String ID: 3008561057-0
                                                                          • Opcode ID: 17c42430e93e94a151fbde532b3d5411b00fabdfe65f87dcb4e025ccceb3a87f
                                                                          • Instruction ID: e39c49ac4f8ceac8e79d166f3e2e01bc3cbb35e8c9c9e6ffe046bc9a06ab3c63
                                                                          • Opcode Fuzzy Hash: 17c42430e93e94a151fbde532b3d5411b00fabdfe65f87dcb4e025ccceb3a87f
                                                                          • Instruction Fuzzy Hash: C711BEB6500605FFDB18DFA8CC49BAE7FE9EB45355F204898F482A7290CB35AD40DB60
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00B014FF
                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00B01506
                                                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00B01515
                                                                          • CloseHandle.KERNEL32(00000004), ref: 00B01520
                                                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B0154F
                                                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00B01563
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                          • String ID:
                                                                          • API String ID: 1413079979-0
                                                                          • Opcode ID: 8ccf9af51fc2958f50e1fa1abbba18b3a7062eadff2c026fe56306b396f2b5d0
                                                                          • Instruction ID: 062ba48f98698b1e6970369b25e1085fe748ca6221e4aa7d43c8605987076d57
                                                                          • Opcode Fuzzy Hash: 8ccf9af51fc2958f50e1fa1abbba18b3a7062eadff2c026fe56306b396f2b5d0
                                                                          • Instruction Fuzzy Hash: F7114472500209ABDB11CFA8DD49BDE7FA9EB48708F144064FA05A21A0C7718E649B60
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,00AC3379,00AC2FE5), ref: 00AC3390
                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00AC339E
                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00AC33B7
                                                                          • SetLastError.KERNEL32(00000000,?,00AC3379,00AC2FE5), ref: 00AC3409
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastValue___vcrt_
                                                                          • String ID:
                                                                          • API String ID: 3852720340-0
                                                                          • Opcode ID: dc5c6d5caefdcd528137150432eaaff4917ace8cf0c5684b0d8b74db885714cc
                                                                          • Instruction ID: 49c33c85c99fa684014fa417ef24a98491c63c9acd110520660b7265e60143fc
                                                                          • Opcode Fuzzy Hash: dc5c6d5caefdcd528137150432eaaff4917ace8cf0c5684b0d8b74db885714cc
                                                                          • Instruction Fuzzy Hash: EA01D83360D351BEAF152BB47D95F6B2E94EB15379732822DF410862F0EF554D016688
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,00AD5686,00AE3CD6,?,00000000,?,00AD5B6A,?,?,?,?,?,00ACE6D1,?,00B68A48), ref: 00AD2D78
                                                                          • _free.LIBCMT ref: 00AD2DAB
                                                                          • _free.LIBCMT ref: 00AD2DD3
                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,00ACE6D1,?,00B68A48,00000010,00AA4F4A,?,?,00000000,00AE3CD6), ref: 00AD2DE0
                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,00ACE6D1,?,00B68A48,00000010,00AA4F4A,?,?,00000000,00AE3CD6), ref: 00AD2DEC
                                                                          • _abort.LIBCMT ref: 00AD2DF2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free$_abort
                                                                          • String ID:
                                                                          • API String ID: 3160817290-0
                                                                          • Opcode ID: 475267bfefeade1e41e22505ef4183352c30c448721f221b58c66fd42227959e
                                                                          • Instruction ID: c54e91e07d85fd802926f749a39a06047081a0f2575a4e33a27810297ed91b6b
                                                                          • Opcode Fuzzy Hash: 475267bfefeade1e41e22505ef4183352c30c448721f221b58c66fd42227959e
                                                                          • Instruction Fuzzy Hash: F1F0A93654460067D71227746D0AB5E39666BF27A1F344417F8A7A33D1EE748901D361
                                                                          APIs
                                                                            • Part of subcall function 00AB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00AB9693
                                                                            • Part of subcall function 00AB9639: SelectObject.GDI32(?,00000000), ref: 00AB96A2
                                                                            • Part of subcall function 00AB9639: BeginPath.GDI32(?), ref: 00AB96B9
                                                                            • Part of subcall function 00AB9639: SelectObject.GDI32(?,00000000), ref: 00AB96E2
                                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B38A4E
                                                                          • LineTo.GDI32(?,00000003,00000000), ref: 00B38A62
                                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B38A70
                                                                          • LineTo.GDI32(?,00000000,00000003), ref: 00B38A80
                                                                          • EndPath.GDI32(?), ref: 00B38A90
                                                                          • StrokePath.GDI32(?), ref: 00B38AA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                          • String ID:
                                                                          • API String ID: 43455801-0
                                                                          • Opcode ID: a5bb812400ce17985c8499ba01f1a8daf532209704d24b374ba7e080cfd907b8
                                                                          • Instruction ID: 873cf03a549bc195a67fb5b3990a747f52bab3bc1ce7848e2f242fa68114fcdd
                                                                          • Opcode Fuzzy Hash: a5bb812400ce17985c8499ba01f1a8daf532209704d24b374ba7e080cfd907b8
                                                                          • Instruction Fuzzy Hash: 41111B7600014CFFDF129F98DC88EAA7FACEB08350F108052BA19AA1A1CB719D55DFA0
                                                                          APIs
                                                                          • GetDC.USER32(00000000), ref: 00B05218
                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B05229
                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B05230
                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00B05238
                                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00B0524F
                                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00B05261
                                                                          Similarity
                                                                          • API ID: CapsDevice$Release
                                                                          • String ID:
                                                                          • API String ID: 1035833867-0
                                                                          • Opcode ID: c58823e0f39782b1732ed2ed2117218cb3c8c7e19fc219584e1700df38a0f295
                                                                          • Instruction ID: 72f6894503cdf0bfd378e1383b8ca2a9914143ea7a4ad117161c6d38e59f0b33
                                                                          • Opcode Fuzzy Hash: c58823e0f39782b1732ed2ed2117218cb3c8c7e19fc219584e1700df38a0f295
                                                                          • Instruction Fuzzy Hash: 0E014F75A00718BBEB109BE59C49A5EBFB8EF48751F144065FA04F7291DA709800CFA0
                                                                          APIs
                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AA1BF4
                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 00AA1BFC
                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AA1C07
                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AA1C12
                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 00AA1C1A
                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AA1C22
                                                                          Similarity
                                                                          • API ID: Virtual
                                                                          • String ID:
                                                                          • API String ID: 4278518827-0
                                                                          • Opcode ID: ab900a3b82fe12a4a4da786696817e433d2923ddcc1ec22fe47ad9fe46c53865
                                                                          • Instruction ID: 01b7055dd971590273a8bee69076f1ac98db2d6d4a9f8f5b7555e5f0cdd218b0
                                                                          • Opcode Fuzzy Hash: ab900a3b82fe12a4a4da786696817e433d2923ddcc1ec22fe47ad9fe46c53865
                                                                          • Instruction Fuzzy Hash: B00167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                          APIs
                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B0EB30
                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B0EB46
                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 00B0EB55
                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B0EB64
                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B0EB6E
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B0EB75
                                                                          Similarity
                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                          • String ID:
                                                                          • API String ID: 839392675-0
                                                                          • Opcode ID: ff690e64e100207956251ddf60e405dce1509e784e7e3b2689d96f21a825dec9
                                                                          • Instruction ID: bc247652eecefb6e0e75e4552daf319cb62300950205f90a5d83f8595c85f31f
                                                                          • Opcode Fuzzy Hash: ff690e64e100207956251ddf60e405dce1509e784e7e3b2689d96f21a825dec9
                                                                          • Instruction Fuzzy Hash: B7F01772240558BBE7215BA29C0EEAF3E7CEBCAB11F104158F611F20919BA05A0197B5
                                                                          APIs
                                                                          • GetClientRect.USER32(?), ref: 00AF7452
                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00AF7469
                                                                          • GetWindowDC.USER32(?), ref: 00AF7475
                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00AF7484
                                                                          • ReleaseDC.USER32(?,00000000), ref: 00AF7496
                                                                          • GetSysColor.USER32(00000005), ref: 00AF74B0
                                                                          Similarity
                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                          • String ID:
                                                                          • API String ID: 272304278-0
                                                                          • Opcode ID: 1c9314447502f11d8a58b750f1514aebef845fa338663375d1438d3bcc2bd35b
                                                                          • Instruction ID: 99106892b2df201128ecc39567570ee64cb0d2f2a1f5a0725c84a6f8ccc0238b
                                                                          • Opcode Fuzzy Hash: 1c9314447502f11d8a58b750f1514aebef845fa338663375d1438d3bcc2bd35b
                                                                          • Instruction Fuzzy Hash: 88012831400619EFEB515FA8DC0ABAE7FB5FB04312F610164FA15A31A1CF311E51AB50
                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B0187F
                                                                          • UnloadUserProfile.USERENV(?,?), ref: 00B0188B
                                                                          • CloseHandle.KERNEL32(?), ref: 00B01894
                                                                          • CloseHandle.KERNEL32(?), ref: 00B0189C
                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00B018A5
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B018AC
                                                                          Similarity
                                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                          • String ID:
                                                                          • API String ID: 146765662-0
                                                                          • Opcode ID: a4d43d665ceef6dc321de0ac2c5324937a76a4edca06a3db73139accc879c4f8
                                                                          • Instruction ID: 1c1a78e2f8e0e4f9274b4f074b83ee7d3b92c2728edcc05a29163456f2b6e241
                                                                          • Opcode Fuzzy Hash: a4d43d665ceef6dc321de0ac2c5324937a76a4edca06a3db73139accc879c4f8
                                                                          • Instruction Fuzzy Hash: D4E0C236004501BBDB015BE1ED0C90ABF29FB49B22B208220F225A2070CF329430EB50
                                                                          APIs
                                                                            • Part of subcall function 00AA7620: _wcslen.LIBCMT ref: 00AA7625
                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B0C6EE
                                                                          • _wcslen.LIBCMT ref: 00B0C735
                                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B0C79C
                                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00B0C7CA
                                                                          Similarity
                                                                          • API ID: ItemMenu$Info_wcslen$Default
                                                                          • String ID: 0
                                                                          • API String ID: 1227352736-4108050209
                                                                          • Opcode ID: 2fb95739d80db7a3472bc8b31986b1ce05a96ed9a0184a99a819414fb0cabe6d
                                                                          • Instruction ID: 2aa2e8bfed0fe14239a31c9c54fe4a1fb840b63ab2c9ba89557199a189c96963
                                                                          • Opcode Fuzzy Hash: 2fb95739d80db7a3472bc8b31986b1ce05a96ed9a0184a99a819414fb0cabe6d
                                                                          • Instruction Fuzzy Hash: 5251BD716043009BD7259F28C985B6A7FE8EB49310F044BADF9A5E31E1DB60DD048B66
                                                                          APIs
                                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00B2AEA3
                                                                            • Part of subcall function 00AA7620: _wcslen.LIBCMT ref: 00AA7625
                                                                          • GetProcessId.KERNEL32(00000000), ref: 00B2AF38
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B2AF67
                                                                          Similarity
                                                                          • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                          • String ID: <$@
                                                                          • API String ID: 146682121-1426351568
                                                                          • Opcode ID: b901683f4f18fcaf2e3c2b938a0ca0bf9e27a43f451b277f1b06576603ecdd5d
                                                                          • Instruction ID: a824c268e10c2daea0a5f63f8407f84a15e6813815646ee6a534b90f76acd56e
                                                                          • Opcode Fuzzy Hash: b901683f4f18fcaf2e3c2b938a0ca0bf9e27a43f451b277f1b06576603ecdd5d
                                                                          • Instruction Fuzzy Hash: 75718B71A00625DFCB14EF54D584A9EBBF0FF09310F158499E81AAB392CB74ED45CB91
                                                                          APIs
                                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00B07206
                                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00B0723C
                                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00B0724D
                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00B072CF
                                                                          Similarity
                                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                                          • String ID: DllGetClassObject
                                                                          • API String ID: 753597075-1075368562
                                                                          • Opcode ID: 12410d4963a71c42a10fd6dc1108f934139b61227331bc896b3434341b5dee7a
                                                                          • Instruction ID: 2568dca1bdbd48fb0aaf6c728c3350373ccb359885f0d1223a0e2f45551581d0
                                                                          • Opcode Fuzzy Hash: 12410d4963a71c42a10fd6dc1108f934139b61227331bc896b3434341b5dee7a
                                                                          • Instruction Fuzzy Hash: 42416071A44204AFDB15CF54C884A9ABFE9EF45350F2580EDBD059F24ADBB0ED44DBA0
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00B03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B03CCA
                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B01E66
                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B01E79
                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00B01EA9
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                          Similarity
                                                                          • API ID: MessageSend$_wcslen$ClassName
                                                                          • String ID: ComboBox$ListBox
                                                                          • API String ID: 2081771294-1403004172
                                                                          • Opcode ID: fe21b7bfdf6c3297a31f341f21b938325c0ef0579072698294223924780ff6bb
                                                                          • Instruction ID: 03a4e41b4d4a0cd43d231a07d502955cede380c11378e22f7ce26e4fd66b1539
                                                                          • Opcode Fuzzy Hash: fe21b7bfdf6c3297a31f341f21b938325c0ef0579072698294223924780ff6bb
                                                                          • Instruction Fuzzy Hash: A421B771A00104BFDB189BA4DD46CFFBBF9EF46354F144559F815A71E1DB3849069620
                                                                          APIs
                                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B32F8D
                                                                          • LoadLibraryW.KERNEL32(?), ref: 00B32F94
                                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B32FA9
                                                                          • DestroyWindow.USER32(?), ref: 00B32FB1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                          • String ID: SysAnimate32
                                                                          • API String ID: 3529120543-1011021900
                                                                          • Opcode ID: e4b9b8b92a29ba704b460f81347ec51939bc7a6f2a7f56fb4014fa0328ae9199
                                                                          • Instruction ID: 591929f70b62befe8ebbc598f65501c2a19042f93c8fe69a01b0efb0dcd453d2
                                                                          • Opcode Fuzzy Hash: e4b9b8b92a29ba704b460f81347ec51939bc7a6f2a7f56fb4014fa0328ae9199
                                                                          • Instruction Fuzzy Hash: 62218C72204205ABEB104FA4DC81EBB77FDEB59364F204658FA50E72A0DB71DC919760
                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00AC4D1E,00AD28E9,?,00AC4CBE,00AD28E9,00B688B8,0000000C,00AC4E15,00AD28E9,00000002), ref: 00AC4D8D
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AC4DA0
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00AC4D1E,00AD28E9,?,00AC4CBE,00AD28E9,00B688B8,0000000C,00AC4E15,00AD28E9,00000002,00000000), ref: 00AC4DC3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045
                                                                          • Opcode ID: 022ccf8da6227845dc46c425989fc546c9fb060447dd90414ac2a994d3b659a7
                                                                          • Instruction ID: b696c9dd974dcce193b93b9a819d7a072a1b5bfa7b0e35340d2f714607be7842
                                                                          • Opcode Fuzzy Hash: 022ccf8da6227845dc46c425989fc546c9fb060447dd90414ac2a994d3b659a7
                                                                          • Instruction Fuzzy Hash: 52F03C35A40208BBDB11AB90DC49FAEBFE5EF48751F1101A8E90AB2260CF745E40DB95
                                                                          APIs
                                                                          • LoadLibraryA.KERNEL32 ref: 00AFD3AD
                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00AFD3BF
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00AFD3E5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Library$AddressFreeLoadProc
                                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                                          • API String ID: 145871493-2590602151
                                                                          • Opcode ID: 80f2cf16ab37110ea8fae3983ef71a483148d84ced53a09634525a8506982667
                                                                          • Instruction ID: 43869acb66e2e55797f1b97375e92dffb65f5e853d1181b1a4536a306daf7a4f
                                                                          • Opcode Fuzzy Hash: 80f2cf16ab37110ea8fae3983ef71a483148d84ced53a09634525a8506982667
                                                                          • Instruction Fuzzy Hash: 8BF02032406A289BE72217908C08ABD3A66AF11B01B648284F706FA115DB30CD40A7D2
                                                                          APIs
                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AA4EDD,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E9C
                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AA4EAE
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00AA4EDD,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4EC0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Library$AddressFreeLoadProc
                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                          • API String ID: 145871493-3689287502
                                                                          • Opcode ID: db1350036f5b492834b580897108c58df55a135f30b38e9a6a8bc25f890cdecd
                                                                          • Instruction ID: 103af36b1c969c8a6f3faf26b1be44d2b13a9ad3847cf8fc8fbdba541fff14f3
                                                                          • Opcode Fuzzy Hash: db1350036f5b492834b580897108c58df55a135f30b38e9a6a8bc25f890cdecd
                                                                          • Instruction Fuzzy Hash: 87E0CD36A059225BD23217657C18B9F7994AFC7F63B150115FC05F3150DFE4CD0156E0
                                                                          APIs
                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AE3CDE,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E62
                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AA4E74
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00AE3CDE,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E87
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Library$AddressFreeLoadProc
                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                          • API String ID: 145871493-1355242751
                                                                          • Opcode ID: ac0a71cc9e70931278bce62e381acb4ba0efd1e4cfe63ba1f83073b1bc1fc6c9
                                                                          • Instruction ID: a055cf9d0303eeb6cce3254395e3e240e30b937ad9d92770c5e2a14bf63626ad
                                                                          • Opcode Fuzzy Hash: ac0a71cc9e70931278bce62e381acb4ba0efd1e4cfe63ba1f83073b1bc1fc6c9
                                                                          • Instruction Fuzzy Hash: 1CD0C236502A215746321B647C18EDF7E98AFCAF113150111F905F31A0CFA0CD0192D0
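The preceding records all share one shape: a LoadLibrary*/GetModuleHandle* call, a GetProcAddress on a named export, and a FreeLibrary. Read in isolation they look like dynamic API resolution, but two of the pairs are compiler and runtime boilerplate rather than sample logic: mscoree.dll/CorExitProcess is the MSVC C runtime's exit path (it asks the CLR to shut down if one is loaded), and the kernel32.dll/Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection lookups sit on a stack that carries the AutoIt runtime string >>>AUTOIT NO CMDEXECUTE<<<, consistent with the report's own "likely a compiled AutoIt script" verdict. The script below is an added example, not Joe Sandbox tooling or the sample's code: it parses the text shape of the "APIs" records on this page, pairs each GetProcAddress with the loader call that precedes it in the same record, and separates the pairs a triage allowlist explains from the ones left for review. The allowlist contents and the sample record text (copied from the lines above, trimmed) are the example's own assumptions; a real allowlist should be built from clean runtime builds, not from one report.

```python
"""Pair GetProcAddress lookups with their loader call in Joe Sandbox 'APIs' records.

Added example for this report page; not Joe Sandbox code. It only understands the
textual record shape shown on the page: an 'APIs' header, then bullet lines of the
form 'Func.MODULE(args), ref: ADDR' or 'Func.MODULE ref: ADDR'.
"""
import re
from typing import Optional

# One API-call bullet. '•' and the 'Part of subcall function XXXX:' prefix are optional.
CALL_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Which argument of each loader API carries the module name.
LOADERS = {
    "LoadLibraryA": 0, "LoadLibraryW": 0, "LoadLibraryExA": 0, "LoadLibraryExW": 0,
    "GetModuleHandleA": 0, "GetModuleHandleW": 0,
    "GetModuleHandleExA": 1, "GetModuleHandleExW": 1,
}

# Constructed triage allowlist (example assumption): pairs that compilers/runtimes emit.
RUNTIME_BOILERPLATE = {
    ("mscoree.dll", "CorExitProcess"): "MSVC CRT exit path",
    ("kernel32.dll", "Wow64DisableWow64FsRedirection"): "AutoIt3 runtime (32-bit build on 64-bit Windows)",
    ("kernel32.dll", "Wow64RevertWow64FsRedirection"): "AutoIt3 runtime (32-bit build on 64-bit Windows)",
}


def parse_records(text: str) -> list[list[dict]]:
    """Split report text into records (one per 'APIs' header) of parsed calls."""
    records, current = [], []
    for line in text.splitlines():
        if line.strip() == "APIs":
            if current:
                records.append(current)
            current = []
            continue
        m = CALL_RE.match(line)
        if not m:
            continue  # Strings / Memory Dump Source / Similarity lines are skipped
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        current.append({"func": m.group("func"), "module": m.group("mod"),
                        "args": args, "ref": m.group("ref")})
    if current:
        records.append(current)
    return records


def _symbolic(arg: str) -> bool:
    """True for a literal name; '?' and 8-digit hex are unknown/numeric operands."""
    return arg not in ("", "?") and not HEX_RE.match(arg)


def _module_arg(call: dict) -> Optional[str]:
    idx = LOADERS.get(call["func"])
    if idx is None:
        return None
    if idx < len(call["args"]) and _symbolic(call["args"][idx]):
        return call["args"][idx]
    return "<unresolved>"  # loader seen, but the report did not recover the name


def resolved_imports(records: list[list[dict]]) -> list[tuple[str, str, str]]:
    """(module, export, GetProcAddress ref) for every named GetProcAddress lookup."""
    out = []
    for rec in records:
        last_module = None
        for call in rec:
            if call["func"] in LOADERS:
                last_module = _module_arg(call)
            elif call["func"] == "GetProcAddress" and len(call["args"]) >= 2:
                export = call["args"][1]
                if _symbolic(export):
                    out.append((last_module or "<unresolved>", export, call["ref"]))
    return out


def classify(imports: list[tuple[str, str, str]]) -> list[tuple[str, str, str, str]]:
    """Attach the allowlist verdict, or mark the pair for analyst review."""
    return [(mod, exp, ref, RUNTIME_BOILERPLATE.get((mod, exp), "review: not in allowlist"))
            for mod, exp, ref in imports]


def triage(text: str) -> list[tuple[str, str, str, str]]:
    return classify(resolved_imports(parse_records(text)))


# Constructed input: four records copied (trimmed) from this report section.
SAMPLE = """\
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00AC4D1E), ref: 00AC4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00AC4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00AC4D1E), ref: 00AC4DC3
Strings
Memory Dump Source
APIs
• LoadLibraryA.KERNEL32 ref: 00AFD3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00AFD3BF
• FreeLibrary.KERNEL32(00000000), ref: 00AFD3E5
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AA4EDD,?,00B71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AA4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AA4EAE
• FreeLibrary.KERNEL32(00000000,?,?,00AA4EDD), ref: 00AA4EC0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AE3CDE), ref: 00AA4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AA4E74
• FreeLibrary.KERNEL32(00000000), ref: 00AA4E87
APIs
  • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1), ref: 00AD29DE
• _free.LIBCMT ref: 00ADBD4B
"""

if __name__ == "__main__":
    for mod, exp, ref, verdict in triage(SAMPLE):
        print(f"{ref}: {mod}!{exp}  [{verdict}]")
```

Only the GetSystemWow64DirectoryW lookup comes out marked for review, and it does so with an unresolved module because the report recovered no argument for that LoadLibraryA call; the verdict says nothing about the sample's intent, only that the pair is not explained by the allowlist. Pairs resolved from a "?" or numeric export operand are dropped rather than guessed.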
                                                                          APIs
                                                                          • GetCurrentProcessId.KERNEL32 ref: 00B2A427
                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B2A435
                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B2A468
                                                                          • CloseHandle.KERNEL32(?), ref: 00B2A63D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                          • String ID:
                                                                          • API String ID: 3488606520-0
                                                                          • Opcode ID: a93e0a2c374a1983c943af571107a37adddae531d60c76042bdf8a0257a35bbb
                                                                          • Instruction ID: 3e0af0f2be96942c91575899bc471b59fad0f4ed3a50b6a91ebcd505098ec123
                                                                          • Opcode Fuzzy Hash: a93e0a2c374a1983c943af571107a37adddae531d60c76042bdf8a0257a35bbb
                                                                          • Instruction Fuzzy Hash: FCA17F71604301AFE720DF24D986F2AB7E5AF84714F14885DF55A9B3D2DBB0EC418B92
                                                                          APIs
                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B43700), ref: 00ADBB91
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00B7121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00ADBC09
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00B71270,000000FF,?,0000003F,00000000,?), ref: 00ADBC36
                                                                          • _free.LIBCMT ref: 00ADBB7F
                                                                            • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000), ref: 00AD29DE
                                                                            • Part of subcall function 00AD29C8: GetLastError.KERNEL32(00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000,00000000), ref: 00AD29F0
                                                                          • _free.LIBCMT ref: 00ADBD4B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                          • String ID:
                                                                          • API String ID: 1286116820-0
                                                                          • Opcode ID: 11f9192066450353ee29b6e14cf0f9000c273939d42ca14d8559594a82f90a69
                                                                          • Instruction ID: 1f8849aa37457a31fe8258cd1e4e9ca3e86b7384ecc06b6ddbb001ed0a71489b
                                                                          • Opcode Fuzzy Hash: 11f9192066450353ee29b6e14cf0f9000c273939d42ca14d8559594a82f90a69
                                                                          • Instruction Fuzzy Hash: 5951C571910209EFCB10EF699D819AEB7B8FF44350B12466BE456E73A1EF709E409B70
                                                                          APIs
                                                                            • Part of subcall function 00B0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B0CF22,?), ref: 00B0DDFD
                                                                            • Part of subcall function 00B0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B0CF22,?), ref: 00B0DE16
                                                                            • Part of subcall function 00B0E199: GetFileAttributesW.KERNEL32(?,00B0CF95), ref: 00B0E19A
                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00B0E473
                                                                          • MoveFileW.KERNEL32(?,?), ref: 00B0E4AC
                                                                          • _wcslen.LIBCMT ref: 00B0E5EB
                                                                          • _wcslen.LIBCMT ref: 00B0E603
                                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00B0E650
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                          • String ID:
                                                                          • API String ID: 3183298772-0
                                                                          • Opcode ID: bb253a4fc96cacb4c0f0cf0556e1a6daeebf040c3d74fa44a14006a098d9f05f
                                                                          • Instruction ID: c911bcdcf880cc132739f93d2cbecf481410db6a19d91f2217ca4ccdd16b31c1
                                                                          • Opcode Fuzzy Hash: bb253a4fc96cacb4c0f0cf0556e1a6daeebf040c3d74fa44a14006a098d9f05f
                                                                          • Instruction Fuzzy Hash: 67518FB24083449BC724EBA4DC81ADFB7ECEF85340F00496EF59993191EF75E6888766
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00B2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2B6AE,?,?), ref: 00B2C9B5
                                                                            • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2C9F1
                                                                            • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2CA68
                                                                            • Part of subcall function 00B2C998: _wcslen.LIBCMT ref: 00B2CA9E
                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B2BAA5
                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B2BB00
                                                                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B2BB63
                                                                          • RegCloseKey.ADVAPI32(?,?), ref: 00B2BBA6
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00B2BBB3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                          • String ID:
                                                                          • API String ID: 826366716-0
                                                                          • Opcode ID: 3cf25cb6667b478e4dee73232265d4a75ddaeee23e3be25ca14533905c732013
                                                                          • Instruction ID: c7e114d2efdbe20e5973ad91a9e670bde9f0b22da481a263809e5190756ef8cc
                                                                          • Opcode Fuzzy Hash: 3cf25cb6667b478e4dee73232265d4a75ddaeee23e3be25ca14533905c732013
                                                                          • Instruction Fuzzy Hash: 5E61B031208241AFD714DF14D494E2ABBE5FF85348F1489ACF49A8B2A2DF31ED45CB92
                                                                          APIs
                                                                          • VariantInit.OLEAUT32(?), ref: 00B08BCD
                                                                          • VariantClear.OLEAUT32 ref: 00B08C3E
                                                                          • VariantClear.OLEAUT32 ref: 00B08C9D
                                                                          • VariantClear.OLEAUT32(?), ref: 00B08D10
                                                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00B08D3B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Variant$Clear$ChangeInitType
                                                                          • String ID:
                                                                          • API String ID: 4136290138-0
                                                                          APIs
                                                                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00B18BAE
                                                                          • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00B18BDA
                                                                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00B18C32
                                                                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00B18C57
                                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00B18C5F
                                                                          Similarity
                                                                          • API ID: PrivateProfile$SectionWrite$String
                                                                          • String ID:
                                                                          • API String ID: 2832842796-0
                                                                          APIs
                                                                          • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B28F40
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00B28FD0
                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 00B28FEC
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00B29032
                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00B29052
                                                                            • Part of subcall function 00ABF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00B11043,?,7529E610), ref: 00ABF6E6
                                                                            • Part of subcall function 00ABF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00AFFA64,00000000,00000000,?,?,00B11043,?,7529E610,?,00AFFA64), ref: 00ABF70D
                                                                          Similarity
                                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                          • String ID:
                                                                          • API String ID: 666041331-0
                                                                          APIs
                                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B36C33
                                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 00B36C4A
                                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B36C73
                                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00B1AB79,00000000,00000000), ref: 00B36C98
                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B36CC7
                                                                          Similarity
                                                                          • API ID: Window$Long$MessageSendShow
                                                                          • String ID:
                                                                          • API String ID: 3688381893-0
                                                                          APIs
                                                                          Similarity
                                                                          • API ID: _free
                                                                          • String ID:
                                                                          • API String ID: 269201875-0
                                                                          APIs
                                                                          • GetCursorPos.USER32(?), ref: 00AB9141
                                                                          • ScreenToClient.USER32(00000000,?), ref: 00AB915E
                                                                          • GetAsyncKeyState.USER32(00000001), ref: 00AB9183
                                                                          • GetAsyncKeyState.USER32(00000002), ref: 00AB919D
                                                                          Similarity
                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                          • String ID:
                                                                          • API String ID: 4210589936-0
                                                                          APIs
                                                                          • GetInputState.USER32 ref: 00B138CB
                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00B13922
                                                                          • TranslateMessage.USER32(?), ref: 00B1394B
                                                                          • DispatchMessageW.USER32(?), ref: 00B13955
                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B13966
                                                                          Similarity
                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                          • String ID:
                                                                          • API String ID: 2256411358-0
                                                                          APIs
                                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00B1C21E,00000000), ref: 00B1CF38
                                                                          • InternetReadFile.WININET(?,00000000,?,?), ref: 00B1CF6F
                                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,00B1C21E,00000000), ref: 00B1CFB4
                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,00B1C21E,00000000), ref: 00B1CFC8
                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,00B1C21E,00000000), ref: 00B1CFF2
                                                                          Similarity
                                                                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                          • String ID:
                                                                          • API String ID: 3191363074-0
                                                                          APIs
                                                                          • GetWindowRect.USER32(?,?), ref: 00B01915
                                                                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 00B019C1
                                                                          • Sleep.KERNEL32(00000000,?,?,?), ref: 00B019C9
                                                                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 00B019DA
                                                                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00B019E2
                                                                          Similarity
                                                                          • API ID: MessagePostSleep$RectWindow
                                                                          • String ID:
                                                                          • API String ID: 3382505437-0
                                                                          APIs
                                                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B35745
                                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 00B3579D
                                                                          • _wcslen.LIBCMT ref: 00B357AF
                                                                          • _wcslen.LIBCMT ref: 00B357BA
                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B35816
                                                                          Similarity
                                                                          • API ID: MessageSend$_wcslen
                                                                          • String ID:
                                                                          • API String ID: 763830540-0
                                                                          APIs
                                                                          • IsWindow.USER32(00000000), ref: 00B20951
                                                                          • GetForegroundWindow.USER32 ref: 00B20968
                                                                          • GetDC.USER32(00000000), ref: 00B209A4
                                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 00B209B0
                                                                          • ReleaseDC.USER32(00000000,00000003), ref: 00B209E8
                                                                          Similarity
                                                                          • API ID: Window$ForegroundPixelRelease
                                                                          • String ID:
                                                                          • API String ID: 4156661090-0
                                                                          • Opcode ID: 5b7ffe03b2465619dbfa738b03c369bab33f021ac9da27bb25ca67a49ea7e7d8
                                                                          • Instruction ID: fbefa2ab662b00351e0263bc8ff62bfbd95d5dc4f83b5c1dbd2a4ca8c5ed6c4a
                                                                          • Opcode Fuzzy Hash: 5b7ffe03b2465619dbfa738b03c369bab33f021ac9da27bb25ca67a49ea7e7d8
                                                                          • Instruction Fuzzy Hash: 0B219635600214AFD704EFA9D985A9EBBF5EF49700F148468F84AE7762CB30EC44CB50
                                                                          APIs
                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00ADCDC6
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ADCDE9
                                                                            • Part of subcall function 00AD3820: RtlAllocateHeap.NTDLL(00000000,?,00B71444,?,00ABFDF5,?,?,00AAA976,00000010,00B71440,00AA13FC,?,00AA13C6,?,00AA1129), ref: 00AD3852
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00ADCE0F
                                                                          • _free.LIBCMT ref: 00ADCE22
                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00ADCE31
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                          • String ID:
                                                                          • API String ID: 336800556-0
                                                                          • Opcode ID: eb50f625e7fc53623fcbb6f430161bb3c5d599feee09d55b4c22a02621933ad4
                                                                          • Instruction ID: 780b3add48663028d4156d4b469affb18eed32ff39e2b15d8dcd8afcdcb705c9
                                                                          • Opcode Fuzzy Hash: eb50f625e7fc53623fcbb6f430161bb3c5d599feee09d55b4c22a02621933ad4
                                                                          • Instruction Fuzzy Hash: B10175B26016167F672117BA6C48D7FBE6DEEC6BB1365012AF906D7301EE618D01D2B0
                                                                          APIs
                                                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00AB9693
                                                                          • SelectObject.GDI32(?,00000000), ref: 00AB96A2
                                                                          • BeginPath.GDI32(?), ref: 00AB96B9
                                                                          • SelectObject.GDI32(?,00000000), ref: 00AB96E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                          • String ID:
                                                                          • API String ID: 3225163088-0
                                                                          • Opcode ID: 4e94147e625b4881742c937bc6f1e5ab280f5de0b8f709f0d68e1d4f61b2d56a
                                                                          • Instruction ID: b2708fd143ff2b435a4286620f2ab2284bb2e88d75b7a971d7cf876d4e1a6b3b
                                                                          • Opcode Fuzzy Hash: 4e94147e625b4881742c937bc6f1e5ab280f5de0b8f709f0d68e1d4f61b2d56a
                                                                          • Instruction Fuzzy Hash: E3217F31802305EBDB119F6CDC29BEE7BB8BB10315F100616F619A71B2DB705893CBA0
                                                                          APIs
                                                                          • GetSysColor.USER32(00000008), ref: 00AB98CC
                                                                          • SetTextColor.GDI32(?,?), ref: 00AB98D6
                                                                          • SetBkMode.GDI32(?,00000001), ref: 00AB98E9
                                                                          • GetStockObject.GDI32(00000005), ref: 00AB98F1
                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00AB9952
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Color$LongModeObjectStockTextWindow
                                                                          • String ID:
                                                                          • API String ID: 1860813098-0
                                                                          • Opcode ID: 4308b22a024f02154323d69ca5f3e05c640e3debfa5969d1b5655c41c23cab7f
                                                                          • Instruction ID: c0caf4516d51bef4544a0e8878768d0a789a328dcefab351536017d8a3383a18
                                                                          • Opcode Fuzzy Hash: 4308b22a024f02154323d69ca5f3e05c640e3debfa5969d1b5655c41c23cab7f
                                                                          • Instruction Fuzzy Hash: E111C832146250AFCB128FA5EC5AEEF3F78EB127117140559F642AB5B3CB254991CB50
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _memcmp
                                                                          • String ID:
                                                                          • API String ID: 2931989736-0
                                                                          • Opcode ID: f0fbc94c84a3734daa93cd540428509f4e84a93067815a17c7e37d5c86f415fd
                                                                          • Instruction ID: 87bae541a8ebc7637d4a5f31b36627881209ab9ec1b12b4a5a6d738730a52d2d
                                                                          • Opcode Fuzzy Hash: f0fbc94c84a3734daa93cd540428509f4e84a93067815a17c7e37d5c86f415fd
                                                                          • Instruction Fuzzy Hash: 0701B9B5781605BBD72855109F82FBB77DCEF21398F504064FD049EAC2F760ED1096A1
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,?,00ACF2DE,00AD3863,00B71444,?,00ABFDF5,?,?,00AAA976,00000010,00B71440,00AA13FC,?,00AA13C6), ref: 00AD2DFD
                                                                          • _free.LIBCMT ref: 00AD2E32
                                                                          • _free.LIBCMT ref: 00AD2E59
                                                                          • SetLastError.KERNEL32(00000000,00AA1129), ref: 00AD2E66
                                                                          • SetLastError.KERNEL32(00000000,00AA1129), ref: 00AD2E6F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free
                                                                          • String ID:
                                                                          • API String ID: 3170660625-0
                                                                          • Opcode ID: 6ff828ac6400802e9f15e6283322cbbabd10ac7bb289932dd5e5a6d3e1c428a9
                                                                          • Instruction ID: 4a873a25afaffa9ac63104b05ff901ae621a273e1840b2b9573aeaca78779587
                                                                          • Opcode Fuzzy Hash: 6ff828ac6400802e9f15e6283322cbbabd10ac7bb289932dd5e5a6d3e1c428a9
                                                                          • Instruction Fuzzy Hash: 0C01D1366056006B872227756D45F2B3F69ABF13A2B34442BF837A33D2EEB48801C320
                                                                          APIs
                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?,?,00B0035E), ref: 00B0002B
                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?), ref: 00B00046
                                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?), ref: 00B00054
                                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?), ref: 00B00064
                                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00AFFF41,80070057,?,?), ref: 00B00070
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                          • String ID:
                                                                          • API String ID: 3897988419-0
                                                                          • Opcode ID: c016179a1144cd78d640625da959e6f06c7534a1668aec7cc22abde97fc01f2d
                                                                          • Instruction ID: d3a6a4bc0615d47e2d44f304dfdd2e17540f9929222137d3eef90a1755d06f40
                                                                          • Opcode Fuzzy Hash: c016179a1144cd78d640625da959e6f06c7534a1668aec7cc22abde97fc01f2d
                                                                          • Instruction Fuzzy Hash: BE01A276610208BFDB115FA8DC48BAE7EEDEF44751F248164F905E3250EB71DE408BA0
                                                                          APIs
                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00B0E997
                                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 00B0E9A5
                                                                          • Sleep.KERNEL32(00000000), ref: 00B0E9AD
                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00B0E9B7
                                                                          • Sleep.KERNEL32 ref: 00B0E9F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                          • String ID:
                                                                          • API String ID: 2833360925-0
                                                                          • Opcode ID: 639467a793eff54dcff6f2137b3f0bc9ab832519d36d9d190d6ea1b199c6c9af
                                                                          • Instruction ID: 4b11a12d4bd0cb563405a2a3524470e6305aa1515887d60a9929813a957728ab
                                                                          • Opcode Fuzzy Hash: 639467a793eff54dcff6f2137b3f0bc9ab832519d36d9d190d6ea1b199c6c9af
                                                                          • Instruction Fuzzy Hash: 4A011731C01A29DBCF00ABE5DD59AEDBFB8FB09701F100996E512B2291CF309654DBA1
                                                                          APIs
                                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B01114
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B01120
                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B0112F
                                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B00B9B,?,?,?), ref: 00B01136
                                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B0114D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                          • String ID:
                                                                          • API String ID: 842720411-0
                                                                          • Opcode ID: 87c662245a051cb078a1a5602809ce1cd84daf1fafa677aa46f8ffa075d592a6
                                                                          • Instruction ID: 1771060a834e1b86af07300fcfd135225a71c7b6266757d47b3247147b4ec232
                                                                          • Opcode Fuzzy Hash: 87c662245a051cb078a1a5602809ce1cd84daf1fafa677aa46f8ffa075d592a6
                                                                          • Instruction Fuzzy Hash: 45011979200615FFDB154FA9DC49A6A3FAEEF893A0B204459FA45E73A0DE31DC009B60
                                                                          APIs
                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B00FCA
                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B00FD6
                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B00FE5
                                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B00FEC
                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B01002
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                          • String ID:
                                                                          • API String ID: 44706859-0
                                                                          • Opcode ID: 857c5f7680773c4d9e13ebe345748454a2469bc80579a48e5086d94e3ff1a02a
                                                                          • Instruction ID: 4ab8a7ab56a51bd17df94bdefefcd5c6a5594f806dbfb128eb91ade97e0ee0cf
                                                                          • Opcode Fuzzy Hash: 857c5f7680773c4d9e13ebe345748454a2469bc80579a48e5086d94e3ff1a02a
                                                                          • Instruction Fuzzy Hash: 37F04939200301BBDB264FA89C49F5A3FADEF89762F204854FA85E7291DE70DC508B60
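The GetUserObjectSecurity and GetTokenInformation blocks above each call the same API twice around GetLastError and HeapAlloc, which is the ordinary Win32 size-probe idiom (first call with a NULL buffer to learn the size, allocate, call again); class 2 passed to GetTokenInformation is TokenGroups and class 3 is TokenPrivileges in TOKEN_INFORMATION_CLASS. The QueryPerformanceCounter/Sleep block is a sleep measured with the high-resolution counter. None of these chains is a verdict by itself; what a triager wants is to pull every function's API chain out of the report text, tag the recognisable shapes, and pivot on the Similarity fields. The script below is an added example, not part of this report and not Joe Sandbox code: it parses these IDA-plugin blocks, drops the "Download File" link text that the page fuses onto the Associated: lines, tags each function by the shape of its API chain, and groups functions sharing an API String ID (both GetTokenInformation functions report 44706859-0 but have different Opcode IDs). The sample text is a constructed excerpt of blocks from this page; the tag names (size_probe_then_alloc, qpc_timed_sleep, foreground_pixel_read) are labels chosen for this example, and whether a flagged chain is evasion or ordinary runtime code must be settled in the disassembly.

```python
"""Parse Joe Sandbox 'IDA Plugin' function blocks and tag API-call idioms (added example)."""
import re
from collections import defaultdict

# Constructed excerpt of three blocks from the report page. The parenthetical on
# 00000003 is the enum name for that value (TOKEN_INFORMATION_CLASS 3 = TokenPrivileges).
SAMPLE = """
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 00B0E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 00B0E9A5
• Sleep.KERNEL32(00000000), ref: 00B0E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 00B0E9B7
• Sleep.KERNEL32 ref: 00B0E9F3
Memory Dump Source
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API String ID: 2833360925-0
• Opcode ID: 639467a793eff54dcff6f2137b3f0bc9ab832519d36d9d190d6ea1b199c6c9af
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B00FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B00FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B00FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B00FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B01002
Similarity
• API String ID: 44706859-0
• Opcode ID: 857c5f7680773c4d9e13ebe345748454a2469bc80579a48e5086d94e3ff1a02a
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 00B0102A
• GetLastError.KERNEL32(?,00000003,?,00000000,?), ref: 00B01036
• GetProcessHeap.KERNEL32(00000008,?,?,00000003,?,00000000,?), ref: 00B01045
• HeapAlloc.KERNEL32(00000000,?,00000003,?,00000000,?), ref: 00B0104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,00000003,?,00000000,?), ref: 00B01062
Similarity
• API String ID: 44706859-0
• Opcode ID: 08bb8aa7c873bb9854415df66526cfde67cde419e0fde532cf847aed6fc3e649
"""

# One API call line: optional 'Part of subcall function X:' prefix, Name.MODULE, optional
# (args) which may themselves contain parentheses, then 'ref: <hex>'.
CALL_RE = re.compile(
    r'^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?'
    r'(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)'
    r'(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$')
KV_RE = re.compile(r'^(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$')

def parse_blocks(text):
    """Split the report text at each 'APIs' header into {'calls': [...], 'meta': {...}}."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == 'APIs':
            cur = {'calls': [], 'meta': {}}
            blocks.append(cur)
            continue
        if cur is None or not line.startswith('•'):
            continue  # section headers, or text before the first block
        body = line.lstrip('•').strip()
        m = CALL_RE.match(body)
        if m:
            cur['calls'].append({'api': m['api'], 'module': m['mod'], 'subcall': m['sub'],
                                 'args': m['args'].split(',') if m['args'] else [],
                                 'ref': int(m['ref'], 16)})
            continue
        m = KV_RE.match(body)
        if m:  # 'Download File' is the page's link text fused onto Associated: lines
            cur['meta'][m['key']] = m['val'].replace('Download File', '').strip()
    return blocks

ALLOCATORS = {'HeapAlloc', 'RtlAllocateHeap', 'LocalAlloc', 'GlobalAlloc', 'VirtualAlloc'}

def size_probe_then_alloc(calls):
    """Two-call idiom: API(NULL buffer) -> GetLastError -> allocate -> same API again.
    Returns the probed API name, or None."""
    names = [c['api'] for c in calls]
    for i, name in enumerate(names):
        if name in names[i + 1:]:
            between = set(names[i + 1:names.index(name, i + 1)])
            if 'GetLastError' in between and between & ALLOCATORS:
                return name
    return None

def qpc_timed_sleep(calls):
    """Sleep bracketed by two QueryPerformanceCounter reads (measured wait)."""
    names = [c['api'] for c in calls]
    return names.count('QueryPerformanceCounter') >= 2 and 'Sleep' in names

def foreground_pixel_read(calls):
    """Reads a pixel of the foreground window (GetForegroundWindow/GetDC/GetPixel)."""
    return {'GetForegroundWindow', 'GetDC', 'GetPixel'} <= {c['api'] for c in calls}

def tag_block(block):
    tags = []
    probed = size_probe_then_alloc(block['calls'])
    if probed:
        tags.append('size_probe_then_alloc:' + probed)
    if qpc_timed_sleep(block['calls']):
        tags.append('qpc_timed_sleep')
    if foreground_pixel_read(block['calls']):
        tags.append('foreground_pixel_read')
    return tags

def group_by_api_string_id(blocks):
    """API String ID -> Opcode IDs of every function with that API multiset (pivot key)."""
    groups = defaultdict(list)
    for b in blocks:
        groups[b['meta'].get('API String ID')].append(b['meta'].get('Opcode ID'))
    return dict(groups)

def analyse(text):
    """One row per function: address of its first call, API String ID, tags."""
    return [{'first_ref': f"{b['calls'][0]['ref']:08X}" if b['calls'] else None,
             'api_string_id': b['meta'].get('API String ID'),
             'tags': tag_block(b)} for b in parse_blocks(text)]

if __name__ == '__main__':
    for row in analyse(SAMPLE):
        print(row)
    print(group_by_api_string_id(parse_blocks(SAMPLE)))
```

Running the file prints one row per function followed by the API String ID groups; to use it on the full report, replace SAMPLE with the page text (the parser ignores the surrounding headers and indentation). Blocks with an empty APIs list, like the _memcmp-only function above, parse to a block with no calls and no tags.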
                                                                          APIs
                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 00B0102A
                                                                          • GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00B01036
                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00B01045
                                                                          • HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 00B0104C
                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00B01062
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                          • String ID:
                                                                          • API String ID: 44706859-0
                                                                          • Opcode ID: 08bb8aa7c873bb9854415df66526cfde67cde419e0fde532cf847aed6fc3e649
                                                                          • Instruction ID: 035601ad5c0324475d5dddc260bb1325bfbead68cabaf4d2844b1e1ed01c305c
                                                                          • Opcode Fuzzy Hash: 08bb8aa7c873bb9854415df66526cfde67cde419e0fde532cf847aed6fc3e649
                                                                          • Instruction Fuzzy Hash: 29F04939200301BFDB255FA8EC49F5A3FADEF89761F200814FA85E7290DE70D8508B60
                                                                          APIs
                                                                          • CloseHandle.KERNEL32(?,?,?,?,00B1017D,?,00B132FC,?,00000001,00AE2592,?), ref: 00B10324
                                                                          • CloseHandle.KERNEL32(?,?,?,?,00B1017D,?,00B132FC,?,00000001,00AE2592,?), ref: 00B10331
                                                                          • CloseHandle.KERNEL32(?,?,?,?,00B1017D,?,00B132FC,?,00000001,00AE2592,?), ref: 00B1033E
                                                                          • CloseHandle.KERNEL32(?,?,?,?,00B1017D,?,00B132FC,?,00000001,00AE2592,?), ref: 00B1034B
                                                                          • CloseHandle.KERNEL32(?,?,?,?,00B1017D,?,00B132FC,?,00000001,00AE2592,?), ref: 00B10358
                                                                          • CloseHandle.KERNEL32(?,?,?,?,00B1017D,?,00B132FC,?,00000001,00AE2592,?), ref: 00B10365
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle
                                                                          • String ID:
                                                                          • API String ID: 2962429428-0
                                                                          • Opcode ID: c39bbd742e3ae23b1bf95113c1bb4ecac39c3d3c45b65a00d675c0f45b8f4512
                                                                          • Instruction ID: 755911c0ae0b95c671ff4a2ab7f0f24ecc9145cfdcabaf408a538f302853cf6f
                                                                          • Opcode Fuzzy Hash: c39bbd742e3ae23b1bf95113c1bb4ecac39c3d3c45b65a00d675c0f45b8f4512
                                                                          • Instruction Fuzzy Hash: E201EE72800B019FCB30AF66E880842FBF9FF643053148A3FD1A252930C3B0A999CF84
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00ADD752
                                                                            • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000), ref: 00AD29DE
                                                                            • Part of subcall function 00AD29C8: GetLastError.KERNEL32(00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000,00000000), ref: 00AD29F0
                                                                          • _free.LIBCMT ref: 00ADD764
                                                                          • _free.LIBCMT ref: 00ADD776
                                                                          • _free.LIBCMT ref: 00ADD788
                                                                          • _free.LIBCMT ref: 00ADD79A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: 66ab9a0cfb7402804fd95cd45db0dfa22f41c7409606008875abadeb1b58bbdb
                                                                          • Instruction ID: 5e2360da156aa8fe7c8cb22b05ce717c8d25e723b2d966f529ca27d725ae0947
                                                                          • Opcode Fuzzy Hash: 66ab9a0cfb7402804fd95cd45db0dfa22f41c7409606008875abadeb1b58bbdb
                                                                          • Instruction Fuzzy Hash: D5F03632544204AB8625EB64FAC5D267BDDBB94750B940C47F09EE7781CB74FC80CB64
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00B05C58
                                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00B05C6F
                                                                          • MessageBeep.USER32(00000000), ref: 00B05C87
                                                                          • KillTimer.USER32(?,0000040A), ref: 00B05CA3
                                                                          • EndDialog.USER32(?,00000001), ref: 00B05CBD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                          • String ID:
                                                                          • API String ID: 3741023627-0
                                                                          • Opcode ID: 5120f64f02baf92bd14eeba76f555408d0eed5e682d497b10f36ed77d5376cd4
                                                                          • Instruction ID: f56ff2cfecac37cd53b6cf10396f1a066f08578c0f1d9861d8dbaf757d9b7dc0
                                                                          • Opcode Fuzzy Hash: 5120f64f02baf92bd14eeba76f555408d0eed5e682d497b10f36ed77d5376cd4
                                                                          • Instruction Fuzzy Hash: 9801FB31500B04ABFB315B50DE8EFAA7FA8EB04B45F141599A582A24E1DBB4A9848F90
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00AD22BE
                                                                            • Part of subcall function 00AD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000), ref: 00AD29DE
                                                                            • Part of subcall function 00AD29C8: GetLastError.KERNEL32(00000000,?,00ADD7D1,00000000,00000000,00000000,00000000,?,00ADD7F8,00000000,00000007,00000000,?,00ADDBF5,00000000,00000000), ref: 00AD29F0
                                                                          • _free.LIBCMT ref: 00AD22D0
                                                                          • _free.LIBCMT ref: 00AD22E3
                                                                          • _free.LIBCMT ref: 00AD22F4
                                                                          • _free.LIBCMT ref: 00AD2305
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: 9ea776ef7fbcaa4476fe2890f9b55b3d590e652b4b784a63a64de2241f9f34fd
                                                                          • Instruction ID: 2ac0a475e415e6c523e48abe5af8690c76f95dda51972fe1eb95c8fb842db39b
                                                                          • Opcode Fuzzy Hash: 9ea776ef7fbcaa4476fe2890f9b55b3d590e652b4b784a63a64de2241f9f34fd
                                                                          • Instruction Fuzzy Hash: C8F03AB18101208F8622BF68BD11A683FA4B778760700094BF41AD73B2CF740891FBA4
                                                                          APIs
                                                                          • EndPath.GDI32(?), ref: 00AB95D4
                                                                          • StrokeAndFillPath.GDI32(?,?,00AF71F7,00000000,?,?,?), ref: 00AB95F0
                                                                          • SelectObject.GDI32(?,00000000), ref: 00AB9603
                                                                          • DeleteObject.GDI32 ref: 00AB9616
                                                                          • StrokePath.GDI32(?), ref: 00AB9631
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                          • String ID:
                                                                          • API String ID: 2625713937-0
                                                                          • Opcode ID: 2a7cefe96edfff1e052ce37b9988dfb2f9db8c254e400dee032d2aed9866e059
                                                                          • Instruction ID: 1ce0757963b7c014628822a71ef7c0e40d138449d236fbe02914cd6b0965b9ed
                                                                          • Opcode Fuzzy Hash: 2a7cefe96edfff1e052ce37b9988dfb2f9db8c254e400dee032d2aed9866e059
                                                                          • Instruction Fuzzy Hash: 78F0B631005644EBDB265FADED187A97F65AB01322F148614E66A660F2CF308997DF20
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: __freea$_free
                                                                          • String ID: a/p$am/pm
                                                                          • API String ID: 3432400110-3206640213
                                                                          • Opcode ID: b00c9ff40218c87cb55138337f199cf5b4451afe645aaed4d0969b4075a18df6
                                                                          • Instruction ID: 14f94ea2cf28f25464f0d1c2fd10fb1c8c20ddc492500320847321e6947d5e0c
                                                                          • Opcode Fuzzy Hash: b00c9ff40218c87cb55138337f199cf5b4451afe645aaed4d0969b4075a18df6
                                                                          • Instruction Fuzzy Hash: A8D1F031900206EADB689F68C989BFAB7B1EF05700F28426BE9079F751D3759D80CB91
                                                                          APIs
                                                                            • Part of subcall function 00AC0242: EnterCriticalSection.KERNEL32(00B7070C,00B71884,?,?,00AB198B,00B72518,?,?,?,00AA12F9,00000000), ref: 00AC024D
                                                                            • Part of subcall function 00AC0242: LeaveCriticalSection.KERNEL32(00B7070C,?,00AB198B,00B72518,?,?,?,00AA12F9,00000000), ref: 00AC028A
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00AC00A3: __onexit.LIBCMT ref: 00AC00A9
                                                                          • __Init_thread_footer.LIBCMT ref: 00B27BFB
                                                                            • Part of subcall function 00AC01F8: EnterCriticalSection.KERNEL32(00B7070C,?,?,00AB8747,00B72514), ref: 00AC0202
                                                                            • Part of subcall function 00AC01F8: LeaveCriticalSection.KERNEL32(00B7070C,?,00AB8747,00B72514), ref: 00AC0235
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                          • String ID: 5$G$Variable must be of type 'Object'.
                                                                          • API String ID: 535116098-3733170431
                                                                          • Opcode ID: 1f17888ff6fbbef2dc3ea73049a8cba57bc4e42e7ce7771919275bb36bfc0af4
                                                                          • Instruction ID: f1a214c85a3064e782589bdb183afa5db492d522fdb668a20c1756f81c97dc88
                                                                          • Opcode Fuzzy Hash: 1f17888ff6fbbef2dc3ea73049a8cba57bc4e42e7ce7771919275bb36bfc0af4
                                                                          • Instruction Fuzzy Hash: 3D919E70A44219EFCB14EF94E990DADB7F1FF49340F108099F80A6B2A2DB31AE41CB55
                                                                          APIs
                                                                            • Part of subcall function 00B0B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B021D0,?,?,00000034,00000800,?,00000034), ref: 00B0B42D
                                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B02760
                                                                            • Part of subcall function 00B0B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B021FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00B0B3F8
                                                                            • Part of subcall function 00B0B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00B0B355
                                                                            • Part of subcall function 00B0B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B02194,00000034,?,?,00001004,00000000,00000000), ref: 00B0B365
                                                                            • Part of subcall function 00B0B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B02194,00000034,?,?,00001004,00000000,00000000), ref: 00B0B37B
                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B027CD
                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B0281A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                          • String ID: @
                                                                          • API String ID: 4150878124-2766056989
                                                                          • Opcode ID: fdd48bb80db5a5290575e8bdfce70db1beebf170314ffb9bf7721165eadf36c7
                                                                          • Instruction ID: 357e3fe2aee6a53a5459dca160670608ca2b77766ff78c4819a080f5b5fc8819
                                                                          • Opcode Fuzzy Hash: fdd48bb80db5a5290575e8bdfce70db1beebf170314ffb9bf7721165eadf36c7
                                                                          • Instruction Fuzzy Hash: 7E41EB76900218AFDB10DFA4CD46EEEBBB8EF09700F108095FA55B7191DB716E49CBA1
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rTTSWIFTCOPIES.exe,00000104), ref: 00AD1769
                                                                          • _free.LIBCMT ref: 00AD1834
                                                                          • _free.LIBCMT ref: 00AD183E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _free$FileModuleName
                                                                          • String ID: C:\Users\user\Desktop\rTTSWIFTCOPIES.exe
                                                                          • API String ID: 2506810119-2864159477
                                                                          • Opcode ID: deafea1c00ed99ed810e23e65adcde30bd0e328e1731a0f26bde168b7d6c42fe
                                                                          • Instruction ID: 4410268bc959d563fa023d2025b4fbfe26ebdc19dcc157895ebc05152ab91525
                                                                          • Opcode Fuzzy Hash: deafea1c00ed99ed810e23e65adcde30bd0e328e1731a0f26bde168b7d6c42fe
                                                                          • Instruction Fuzzy Hash: 11316E75A00218BFDB21DB99D985D9EBBFCEB95310B1441A7F806D7321DA708E80DBA0
                                                                          APIs
                                                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00B0C306
                                                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 00B0C34C
                                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B71990,01765F40), ref: 00B0C395
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Menu$Delete$InfoItem
                                                                          • String ID: 0
                                                                          • API String ID: 135850232-4108050209
                                                                          • Opcode ID: e6f6d05b97cf3a773d8c0821cafea4e367f7346507f69f92f8aeffc6f9c14199
                                                                          • Instruction ID: a6b6bd5a3c21b4808a24be65918b4e207cc90b73be098e1057cc0bc476d3b6a2
                                                                          • Opcode Fuzzy Hash: e6f6d05b97cf3a773d8c0821cafea4e367f7346507f69f92f8aeffc6f9c14199
                                                                          • Instruction Fuzzy Hash: F5418E312043019FD720DF25D885B5ABFE4EF85360F148B9DF9A5972D2DB30A904CB66
                                                                          APIs
                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B3CC08,00000000,?,?,?,?), ref: 00B344AA
                                                                          • GetWindowLongW.USER32 ref: 00B344C7
                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B344D7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Long
                                                                          • String ID: SysTreeView32
                                                                          • API String ID: 847901565-1698111956
                                                                          • Opcode ID: 3b97133095614dec1498e9ae1cf71a88c30836c924ca0a0054bfe3126cfa12ee
                                                                          • Instruction ID: a6ae8271684213eb9a162112d64250ccbfd13840d0c099dc2cdba9bb95fd6ee4
                                                                          • Opcode Fuzzy Hash: 3b97133095614dec1498e9ae1cf71a88c30836c924ca0a0054bfe3126cfa12ee
                                                                          • Instruction Fuzzy Hash: 29317A32210605ABDB209E78DC45BEA7BA9EB09324F314765F979A32E1DB70EC509B50
                                                                          APIs
                                                                            • Part of subcall function 00B2335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B23077,?,?), ref: 00B23378
                                                                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B2307A
                                                                          • _wcslen.LIBCMT ref: 00B2309B
                                                                          • htons.WSOCK32(00000000,?,?,00000000), ref: 00B23106
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                          • String ID: 255.255.255.255
                                                                          • API String ID: 946324512-2422070025
                                                                          • Opcode ID: 90a009e40daaf348951560aeeea3cb39e1ebbb6150eae2b12b0ac4ecb6db92f1
                                                                          • Instruction ID: 00e8e479f67fac034b68db2fcf4ebfb100984c38b5561a377fb99da998882f8d
                                                                          • Opcode Fuzzy Hash: 90a009e40daaf348951560aeeea3cb39e1ebbb6150eae2b12b0ac4ecb6db92f1
                                                                          • Instruction Fuzzy Hash: C131F3392002219FCB10CF68D586FAA77E0EF14718F248099E8199B392CB3AEF41C770
                                                                          APIs
                                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B34705
                                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B34713
                                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B3471A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$DestroyWindow
                                                                          • String ID: msctls_updown32
                                                                          • API String ID: 4014797782-2298589950
                                                                          • Opcode ID: 5f09a37cf29e9105cebd25b24352c8a863b182c88fb63cfa9b442ced9c2382ef
                                                                          • Instruction ID: 2e815d4b9ed2d0562351274e688b4677be74f74a5424f697d2a4cdaef2dfe3d9
                                                                          • Opcode Fuzzy Hash: 5f09a37cf29e9105cebd25b24352c8a863b182c88fb63cfa9b442ced9c2382ef
                                                                          • Instruction Fuzzy Hash: 08214CB5600208AFDB10DF68DC81DAA37EDEB5A3A4B140499FA059B291CB70FC52CA60
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                          • API String ID: 176396367-2734436370
                                                                          • Opcode ID: d49788b29c83aa2bc96f6b218ac4e28b6babe3cdaa17ef61a489de1783c53dd8
                                                                          • Instruction ID: 49f23dc81f8686a6fc344ffdea7b474c6cfbbb85b2bec0650d46455f8baf50ed
                                                                          • Opcode Fuzzy Hash: d49788b29c83aa2bc96f6b218ac4e28b6babe3cdaa17ef61a489de1783c53dd8
                                                                          • Instruction Fuzzy Hash: B02157722046116AD331BB259D42FBBBBD8EFA5300F14406AF949970C3EB66ED41C3D5
                                                                          APIs
                                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B33840
                                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B33850
                                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B33876
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$MoveWindow
                                                                          • String ID: Listbox
                                                                          • API String ID: 3315199576-2633736733
                                                                          • Opcode ID: 2112801a539cdb9e4d5cbe19b0ca1418a930435dc3b23b4419dcd9986a877fd1
                                                                          • Instruction ID: b0a9ee486d5003ea2cec3daa219ec71a0c0f8276e6cc521e0d1931f7a0075eec
                                                                          • Opcode Fuzzy Hash: 2112801a539cdb9e4d5cbe19b0ca1418a930435dc3b23b4419dcd9986a877fd1
                                                                          • Instruction Fuzzy Hash: 0A21A472610218BBEF218F54DC85FBB37EEEF89B54F218154F9059B190CA71DC5287A0
                                                                          APIs
                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00B14A08
                                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00B14A5C
                                                                          • SetErrorMode.KERNEL32(00000000,?,?,00B3CC08), ref: 00B14AD0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorMode$InformationVolume
                                                                          • String ID: %lu
                                                                          • API String ID: 2507767853-685833217
                                                                          • Opcode ID: ad8ce5dfd99672438e667a9fb036fd3a118637981aae1b03ca3b480c8fba20d7
                                                                          • Instruction ID: 1447aaa2aa708bdca3bfd3dc56399def61ea26b820e69b992986dca5b828122e
                                                                          • Opcode Fuzzy Hash: ad8ce5dfd99672438e667a9fb036fd3a118637981aae1b03ca3b480c8fba20d7
                                                                          • Instruction Fuzzy Hash: 09316575A00109AFD710DF54C985EAEBBF8EF09318F148095F509EB262DB71ED45CB61
                                                                          APIs
                                                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B3424F
                                                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B34264
                                                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B34271
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID: msctls_trackbar32
                                                                          • API String ID: 3850602802-1010561917
                                                                          • Opcode ID: 8781df4b4f7c05d5d42453fb9d0d912892bbba8e32bd7d287d740a031ef7ece9
                                                                          • Instruction ID: 48f35ef448706b0fed6d969a13451bece13363efba99369aeb4a35183aae39e9
                                                                          • Opcode Fuzzy Hash: 8781df4b4f7c05d5d42453fb9d0d912892bbba8e32bd7d287d740a031ef7ece9
                                                                          • Instruction Fuzzy Hash: 6D119E31250248BEEF205E69CC46FAB3BECEB95B64F214524FA55E60A0D671E8519B20
                                                                          APIs
                                                                            • Part of subcall function 00AA6B57: _wcslen.LIBCMT ref: 00AA6B6A
                                                                            • Part of subcall function 00B02DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B02DC5
                                                                            • Part of subcall function 00B02DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B02DD6
                                                                            • Part of subcall function 00B02DA7: GetCurrentThreadId.KERNEL32 ref: 00B02DDD
                                                                            • Part of subcall function 00B02DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B02DE4
                                                                          • GetFocus.USER32 ref: 00B02F78
                                                                            • Part of subcall function 00B02DEE: GetParent.USER32(00000000), ref: 00B02DF9
                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00B02FC3
                                                                          • EnumChildWindows.USER32(?,00B0303B), ref: 00B02FEB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                          • String ID: %s%d
                                                                          • API String ID: 1272988791-1110647743
                                                                          • Opcode ID: cd3b5e3f3448e9616aafd2b04ab3d5a4da59151f778f63777a925cafb48f4191
                                                                          • Instruction ID: c7487b750f10b20e313aea07aa0f158331cc09a25511bcd4d21883ea8e1f4953
                                                                          • Opcode Fuzzy Hash: cd3b5e3f3448e9616aafd2b04ab3d5a4da59151f778f63777a925cafb48f4191
                                                                          • Instruction Fuzzy Hash: 8111A2716002056BDF157FA48D8AFED7BEEAF84304F1440B9F909AB1D2DE3099498B70
                                                                          APIs
                                                                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B358C1
                                                                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B358EE
                                                                          • DrawMenuBar.USER32(?), ref: 00B358FD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Menu$InfoItem$Draw
                                                                          • String ID: 0
                                                                          • API String ID: 3227129158-4108050209
                                                                          • Opcode ID: 5cd8ed71fe93afc1a4427e23ad366045c0b0d17369d8a57b0c90ab808b7f9d4d
                                                                          • Instruction ID: 7bb82e104463b28752491e38a6aa6c01701ec2aec429442bd868a5a4684bdd50
                                                                          • Opcode Fuzzy Hash: 5cd8ed71fe93afc1a4427e23ad366045c0b0d17369d8a57b0c90ab808b7f9d4d
                                                                          • Instruction Fuzzy Hash: CE012D31500218EFDB219F51DC85BEEBBB9FB45361F2480D9E849D6251DB309A94EF31
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5770f61f7d5c910dde0dc6a70c425a9cfbcd4b7c9d5809f0455f20a5ba8048b5
• Instruction ID: 1d984fb823ecd9b972eb288014b59259ecf6dc4f349f0b03f52d86de6a809bb9
• Opcode Fuzzy Hash: 5770f61f7d5c910dde0dc6a70c425a9cfbcd4b7c9d5809f0455f20a5ba8048b5
• Instruction Fuzzy Hash: 71C13775A1020AEFDB15DFA4C894BAEBBB5FF48304F208598E505EB291D731EE41CB94
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: 6b301e6126365fd4b59712e15f67c5509bc07f577d6c5dfc4cf04c6888e5ded2
• Instruction ID: 5f5e3fae79927ed006117f5ff4b5f48b41f373a8692586551b08cde933ffe858
• Opcode Fuzzy Hash: 6b301e6126365fd4b59712e15f67c5509bc07f577d6c5dfc4cf04c6888e5ded2
• Instruction Fuzzy Hash: D5A16D756043119FC700EF24D985A2EB7E5FF89714F048899F98A9B3A2DB34EE01CB91
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B3FC08,?), ref: 00B005F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B3FC08,?), ref: 00B00608
• CLSIDFromProgID.OLE32(?,?,00000000,00B3CC40,000000FF,?,00000000,00000800,00000000,?,00B3FC08,?), ref: 00B0062D
• _memcmp.LIBVCRUNTIME ref: 00B0064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: d176e47009348dcbbb2243b8e8c2a4cee34fdaaf30de3e348bb2dd8f14e85689
• Instruction ID: 888a84b7355de5a58fd8cbaaa89bc4b9bf365f4c9948778ae298656a71923c6d
• Opcode Fuzzy Hash: d176e47009348dcbbb2243b8e8c2a4cee34fdaaf30de3e348bb2dd8f14e85689
• Instruction Fuzzy Hash: B781EE75A10109EFCB04DF94C984EEEBBF9FF89315F204598E516AB290DB71AE05CB60
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 7396a0d2efb3b7ac5a69a67ba40c5c6585b898cd31d093870f8179087b4e0ae1
• Instruction ID: 56d23e42f2474cee3c0db800be2c7658a5719a0ddae2eb282c1341b7eba3b5f6
• Opcode Fuzzy Hash: 7396a0d2efb3b7ac5a69a67ba40c5c6585b898cd31d093870f8179087b4e0ae1
• Instruction Fuzzy Hash: DF415CB1A00561ABDB216BBA8D45BBE3AF5EF41330F15422AF41AD73D2E63488419361
APIs
• GetWindowRect.USER32(0176F158,?), ref: 00B362E2
• ScreenToClient.USER32(?,?), ref: 00B36315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B36382
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 51f874f72453d59638f77eeca9508354d002695b8aedd4a0430847dffa99af07
• Instruction ID: c2df02068af4e2a5099a4dfd91394345eedcf07d2e2543535ba2db1f031dd985
• Opcode Fuzzy Hash: 51f874f72453d59638f77eeca9508354d002695b8aedd4a0430847dffa99af07
• Instruction Fuzzy Hash: 74512A75A00209EFCB14DF68D881AAE7BF5EB45360F208599F9559B2A0DB30ED81CB50
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00B21AFD
• WSAGetLastError.WSOCK32 ref: 00B21B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B21B8A
• WSAGetLastError.WSOCK32 ref: 00B21B94
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: 3f6fdbfe69efc8a4fe28cc982e5bbf441d20e4e6c97e6b7273ca58b1703d4bcd
• Instruction ID: 8c4f5287ddb4afc14f1f9eeaa351cc07f93d9ac0275d2fcd181901b98733a144
• Opcode Fuzzy Hash: 3f6fdbfe69efc8a4fe28cc982e5bbf441d20e4e6c97e6b7273ca58b1703d4bcd
• Instruction Fuzzy Hash: D841D234600210AFE720AF24D98AF6A77E5EB45718F548488F91A9F3D3D772DD418B90
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4390cb0066a7d4c61633dc47aca3ccad195d028f5b5e2e7064a866d23a41a0c5
• Instruction ID: 96c7ad1245768278f5f3992e1a7f0ee2fb1dad707bfb7c237176bc95996b5a78
• Opcode Fuzzy Hash: 4390cb0066a7d4c61633dc47aca3ccad195d028f5b5e2e7064a866d23a41a0c5
• Instruction Fuzzy Hash: 2F41E2B6A10354EFD724DF38C941BAABBB9EB88710F11852FF152DB382D771990187A0
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00B15783
• GetLastError.KERNEL32(?,00000000), ref: 00B157A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00B157CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00B157FA
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 783ccad5cc1cdf13e153297da33934e1cb815d46b4e1223d5bae4ca28d75eda3
• Instruction ID: fe77daf749fdbb8867f7f80e58f33e92aff4074c4ac4bb44324a0ee6a824aa77
• Opcode Fuzzy Hash: 783ccad5cc1cdf13e153297da33934e1cb815d46b4e1223d5bae4ca28d75eda3
• Instruction Fuzzy Hash: D141EE35600611DFCB11EF55C585A5EBBE2EF89720F19C498E84A6B3A2CB34FD41CB91
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00AC6D71,00000000,00000000,00AC82D9,?,00AC82D9,?,00000001,00AC6D71,8BE85006,00000001,00AC82D9,00AC82D9), ref: 00ADD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ADD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00ADD9AB
• __freea.LIBCMT ref: 00ADD9B4
  • Part of subcall function 00AD3820: RtlAllocateHeap.NTDLL(00000000,?,00B71444,?,00ABFDF5,?,?,00AAA976,00000010,00B71440,00AA13FC,?,00AA13C6,?,00AA1129), ref: 00AD3852
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 016a82a006063a095919f7ce0b5581cab022cc487fe0739bd224d22d5b361535
• Instruction ID: faa9288d3a046d32e1e076f526d11507a5a8a63ae150b1ce3e678e5d4a91076c
• Opcode Fuzzy Hash: 016a82a006063a095919f7ce0b5581cab022cc487fe0739bd224d22d5b361535
• Instruction Fuzzy Hash: 4531E172A0020AABDF24CF64DC95EAE7BA5EB40310F154169FC05E7250EB36DD50CB90
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00B35352
• GetWindowLongW.USER32(?,000000F0), ref: 00B35375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B35382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B353A8
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: 373a5ae92b169e32b899c45a6eda6febc0a603a7f2d4f84a57bd211b605a8560
• Instruction ID: dd108bd414795780087aac621d27d72de63830fd7087d61baa52b60ac2869eff
• Opcode Fuzzy Hash: 373a5ae92b169e32b899c45a6eda6febc0a603a7f2d4f84a57bd211b605a8560
• Instruction Fuzzy Hash: 8931C434A95A0CEFEB309E58CC46BE837E5EB05390F784181FA12971E1C7B0AD80DB59
APIs
• GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00B0ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00B0AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 00B0AC74
• SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00B0ACC6
                                                                          Similarity
                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                          • String ID:
                                                                          • API String ID: 432972143-0
                                                                          • Opcode ID: c50a435c95d856e2e8f3a4c99140113a5d524e1da18e9b42fc92dd63484d4304
                                                                          • Instruction ID: 64ac2889beab969415f735c4b64a96dda914ea365095ebf7c5e0b1885f80a664
                                                                          • Opcode Fuzzy Hash: c50a435c95d856e2e8f3a4c99140113a5d524e1da18e9b42fc92dd63484d4304
                                                                          • Instruction Fuzzy Hash: 32311030A04718AFFB358B648C09BFE7FE5EB89310F098A9AE485971D1C77499858792
                                                                          APIs
                                                                          • ClientToScreen.USER32(?,?), ref: 00B3769A
                                                                          • GetWindowRect.USER32(?,?), ref: 00B37710
                                                                          • PtInRect.USER32(?,?,00B38B89), ref: 00B37720
                                                                          • MessageBeep.USER32(00000000), ref: 00B3778C
                                                                          Similarity
                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                          • String ID:
                                                                          • API String ID: 1352109105-0
                                                                          • Opcode ID: f3188964a0088247dd81af40cbc37b765dd78529f29c76bda4652c560394253d
                                                                          • Instruction ID: 9ac490be080256f301f80a06e31f0efef747527f69b52700d32dfe56ed80073c
                                                                          • Opcode Fuzzy Hash: f3188964a0088247dd81af40cbc37b765dd78529f29c76bda4652c560394253d
                                                                          • Instruction Fuzzy Hash: 54418DB4645214EFCB22CF98C895EA97BF5FB49314F2580E8E5259B261CB30AD42CF90
                                                                          APIs
                                                                          • GetForegroundWindow.USER32 ref: 00B316EB
                                                                            • Part of subcall function 00B03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B03A57
                                                                            • Part of subcall function 00B03A3D: GetCurrentThreadId.KERNEL32 ref: 00B03A5E
                                                                            • Part of subcall function 00B03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B025B3), ref: 00B03A65
                                                                          • GetCaretPos.USER32(?), ref: 00B316FF
                                                                          • ClientToScreen.USER32(00000000,?), ref: 00B3174C
                                                                          • GetForegroundWindow.USER32 ref: 00B31752
                                                                          Similarity
                                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                          • String ID:
                                                                          • API String ID: 2759813231-0
                                                                          • Opcode ID: d724b5c15fec78197a2b96aa6709d22042bb743244e1babaa2ebf259b4c4b27b
                                                                          • Instruction ID: 98f974ee727f01e78d9e029da844a5181cabb3049ffce972984ee31b9a80cdba
                                                                          • Opcode Fuzzy Hash: d724b5c15fec78197a2b96aa6709d22042bb743244e1babaa2ebf259b4c4b27b
                                                                          • Instruction Fuzzy Hash: 583152B1E00249AFD700DFA9C981CAEBBFDEF49304B5484A9E415E7251DB31DE45CBA0
                                                                          APIs
                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00B0D501
                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00B0D50F
                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 00B0D52F
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B0D5DC
                                                                          Similarity
                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                          • String ID:
                                                                          • API String ID: 420147892-0
                                                                          • Opcode ID: 655bc15071679a21a983c07e299fa59130427f89ecbec26b8e48b36eae420750
                                                                          • Instruction ID: 636d744b02d5cb695c617621f13ac8f3dabcfc57b40f3bf62d4227d4338576fa
                                                                          • Opcode Fuzzy Hash: 655bc15071679a21a983c07e299fa59130427f89ecbec26b8e48b36eae420750
                                                                          • Instruction Fuzzy Hash: A6317E711082009FD300EF94CC85AAFBFE8EF9A354F14092DF585971E1EB719949CB92
                                                                          APIs
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                          • GetCursorPos.USER32(?), ref: 00B39001
                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00AF7711,?,?,?,?,?), ref: 00B39016
                                                                          • GetCursorPos.USER32(?), ref: 00B3905E
                                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00AF7711,?,?,?), ref: 00B39094
                                                                          Similarity
                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                          • String ID:
                                                                          • API String ID: 2864067406-0
                                                                          • Opcode ID: 8eea1ce6ff6c8293f671c39970e79a19918cdc9942e5e5b287763dc7701babef
                                                                          • Instruction ID: 30f3fd55d453ba21602eee8b0fab125aceca51ecb8bc47fbca83a23463f9be8b
                                                                          • Opcode Fuzzy Hash: 8eea1ce6ff6c8293f671c39970e79a19918cdc9942e5e5b287763dc7701babef
                                                                          • Instruction Fuzzy Hash: 6D21D135600118EFCB298F98CC59EFE3BF9EF49350F204095F90557261C771A991DB60
                                                                          APIs
                                                                          • GetFileAttributesW.KERNEL32(?,00B3CB68), ref: 00B0D2FB
                                                                          • GetLastError.KERNEL32 ref: 00B0D30A
                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B0D319
                                                                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B3CB68), ref: 00B0D376
                                                                          Similarity
                                                                          • API ID: CreateDirectory$AttributesErrorFileLast
                                                                          • String ID:
                                                                          • API String ID: 2267087916-0
                                                                          • Opcode ID: e986e7c15e15857c8474f85394886d7d57c219ecb9eebfe40d60870325eaf6ea
                                                                          • Instruction ID: b2639fcfec32c40d0e3f1db4ecce7958aa4733caf5777c4bc49d90864acd1c04
                                                                          • Opcode Fuzzy Hash: e986e7c15e15857c8474f85394886d7d57c219ecb9eebfe40d60870325eaf6ea
                                                                          • Instruction Fuzzy Hash: 02217C705083019FC700DFA8C98186FBBE4EE5A364F204A5DF499D72E1EB309946CB97
                                                                          APIs
                                                                            • Part of subcall function 00B01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B0102A
                                                                            • Part of subcall function 00B01014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B01036
                                                                            • Part of subcall function 00B01014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B01045
                                                                            • Part of subcall function 00B01014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B0104C
                                                                            • Part of subcall function 00B01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B01062
                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00B015BE
                                                                          • _memcmp.LIBVCRUNTIME ref: 00B015E1
                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B01617
                                                                          • HeapFree.KERNEL32(00000000), ref: 00B0161E
                                                                          Similarity
                                                                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                          • String ID:
                                                                          • API String ID: 1592001646-0
                                                                          • Opcode ID: 2c6ef1454f484f511427d1e39e4c10ba549b679479a9016f44f14e5047971896
                                                                          • Instruction ID: b75a6ad55ec4e235686297672c59d4982c25b8f974f288ebe6e896741e4b989b
                                                                          • Opcode Fuzzy Hash: 2c6ef1454f484f511427d1e39e4c10ba549b679479a9016f44f14e5047971896
                                                                          • Instruction Fuzzy Hash: 2F217C31E00108AFDB18DFA8CD45BEEBBF8EF44344F184899E441AB291E731AA45DB50
                                                                          APIs
                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 00B3280A
                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B32824
                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B32832
                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B32840
                                                                          Similarity
                                                                          • API ID: Window$Long$AttributesLayered
                                                                          • String ID:
                                                                          • API String ID: 2169480361-0
                                                                          • Opcode ID: c07a73ea5be4b61c6c7bcff31879a12fca9665dbb89b3ff4e95b38ef8ae4c1b7
                                                                          • Instruction ID: f5734f314edb935942cac831cb84c4a5456a5fc26c72f893df81400cf4a5cf36
                                                                          • Opcode Fuzzy Hash: c07a73ea5be4b61c6c7bcff31879a12fca9665dbb89b3ff4e95b38ef8ae4c1b7
                                                                          • Instruction Fuzzy Hash: F721B331605511AFD7149B24C855FAA7B95FF46324F258198F4268B6E2CB71FC42C790
                                                                          APIs
                                                                            • Part of subcall function 00B08D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00B0790A,?,000000FF,?,00B08754,00000000,?,0000001C,?,?), ref: 00B08D8C
                                                                            • Part of subcall function 00B08D7D: lstrcpyW.KERNEL32(00000000,?,?,00B0790A,?,000000FF,?,00B08754,00000000,?,0000001C,?,?,00000000), ref: 00B08DB2
                                                                            • Part of subcall function 00B08D7D: lstrcmpiW.KERNEL32(00000000,?,00B0790A,?,000000FF,?,00B08754,00000000,?,0000001C,?,?), ref: 00B08DE3
                                                                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00B08754,00000000,?,0000001C,?,?,00000000), ref: 00B07923
                                                                          • lstrcpyW.KERNEL32(00000000,?,?,00B08754,00000000,?,0000001C,?,?,00000000), ref: 00B07949
                                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,00B08754,00000000,?,0000001C,?,?,00000000), ref: 00B07984
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                          • String ID: cdecl
                                                                          • API String ID: 4031866154-3896280584
                                                                          • Opcode ID: 2a103bd62f01061cde84103f840a2efa1081a843cbdc371f633ca284d449f6a7
                                                                          • Instruction ID: 2b1fc3aa76bde77fc61221e6dec68ddcbd09801fb59e722b1029c1edd099df6a
                                                                          • Opcode Fuzzy Hash: 2a103bd62f01061cde84103f840a2efa1081a843cbdc371f633ca284d449f6a7
                                                                          • Instruction Fuzzy Hash: 6411E13A200202BFCB159F38C845D7ABBE9EF85350B50806AE842C72A4EF31A911D7A1
                                                                          APIs
                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00B37D0B
                                                                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B37D2A
                                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B37D42
                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00B1B7AD,00000000), ref: 00B37D6B
                                                                            • Part of subcall function 00AB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00AB9BB2
                                                                          Similarity
                                                                          • API ID: Window$Long
                                                                          • String ID:
                                                                          • API String ID: 847901565-0
                                                                          • Opcode ID: b8e3cab28caeb0faee5fe75c0a0d24a67385155c9471fff964343dfdbaf09c12
                                                                          • Instruction ID: 71ea17539380beed1e9db98947c08abc920fc1c8f88f389844b20843318752c0
                                                                          • Opcode Fuzzy Hash: b8e3cab28caeb0faee5fe75c0a0d24a67385155c9471fff964343dfdbaf09c12
                                                                          • Instruction Fuzzy Hash: D911ACB6244654AFCB208F6CCC04AAA3BE4EF45360F218764F939D72E0DF308961DB50
                                                                          APIs
                                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 00B356BB
                                                                          • _wcslen.LIBCMT ref: 00B356CD
                                                                          • _wcslen.LIBCMT ref: 00B356D8
                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B35816
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend_wcslen
                                                                          • String ID:
                                                                          • API String ID: 455545452-0
                                                                          • Opcode ID: 0c89f1b1888edc3b09b022baf76743bfbe48f49a58e9fbaebed9a68ac2945b94
                                                                          • Instruction ID: 240ab5193433ef508216d9cbc2ec9e1ac5a6180f434375ee881cd6d5d26bec26
                                                                          • Opcode Fuzzy Hash: 0c89f1b1888edc3b09b022baf76743bfbe48f49a58e9fbaebed9a68ac2945b94
                                                                          • Instruction Fuzzy Hash: 7911D37560061896DB30DFA5CCC6AEE77ECEF15760F7041AAF915D6181EB70DA80CB60
                                                                          APIs
                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00B01A47
                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B01A59
                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B01A6F
                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B01A8A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID:
                                                                          • API String ID: 3850602802-0
                                                                          • Opcode ID: 62b555150a20a1b2a108d1c6cbb23530c12a8daaaecbc859c6387f03dde2066d
                                                                          • Instruction ID: dbe494d6e84d7763a378e6a46b7c88bf4a24b0cf4b8b5f25d9645ddea6e08d24
                                                                          • Opcode Fuzzy Hash: 62b555150a20a1b2a108d1c6cbb23530c12a8daaaecbc859c6387f03dde2066d
                                                                          • Instruction Fuzzy Hash: AE11FA3AA01219FFEB119BA9CD85FADBBB8EB04750F200491E614B7290DA716E50DB94
                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 00B0E1FD
                                                                          • MessageBoxW.USER32(?,?,?,?), ref: 00B0E230
                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00B0E246
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00B0E24D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                          • String ID:
                                                                          • API String ID: 2880819207-0
                                                                          • Opcode ID: addd8afd9413a2f4184b800a90f7a7aa88de5d3b191bab4181222c552192b7b9
                                                                          • Instruction ID: ef8002e9e89b4e4bffa6083bf083ed99e55d42b5020861f7123385c490180780
                                                                          • Opcode Fuzzy Hash: addd8afd9413a2f4184b800a90f7a7aa88de5d3b191bab4181222c552192b7b9
                                                                          • Instruction Fuzzy Hash: 7211A176904254BBC7019FECAC09A9E7FACEB45324F154A69F928E3291DAB0D94487A0
                                                                          APIs
                                                                          • CreateThread.KERNEL32(00000000,?,00ACCFF9,00000000,00000004,00000000), ref: 00ACD218
                                                                          • GetLastError.KERNEL32 ref: 00ACD224
                                                                          • __dosmaperr.LIBCMT ref: 00ACD22B
                                                                          • ResumeThread.KERNEL32(00000000), ref: 00ACD249
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                          • String ID:
                                                                          • API String ID: 173952441-0
                                                                          • Opcode ID: 32145fd1844c4d15374d663edfd8ed4cea16e12c2e2593aa224a789f2af9f1c6
                                                                          • Instruction ID: a90bb23a25e9d30f8c8d512700d8a8a72ad39b91ca4ee613d9247db59698bd83
                                                                          • Opcode Fuzzy Hash: 32145fd1844c4d15374d663edfd8ed4cea16e12c2e2593aa224a789f2af9f1c6
                                                                          • Instruction Fuzzy Hash: 05018076805204BBDB215BA9DC09FEE7E69EF81731F22422DF925A61D0DF71C901D7A0
                                                                          APIs
                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AA604C
                                                                          • GetStockObject.GDI32(00000011), ref: 00AA6060
                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AA606A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                          • String ID:
                                                                          • API String ID: 3970641297-0
                                                                          • Opcode ID: c9b3b64f72f91e7236ca4a61495b0625baebcabf73070514a9a1e1add392e48b
                                                                          • Instruction ID: d749ad79949d33370d2aca1c5d72065f68ea9581c3cf43ccd612dfff49536ac9
                                                                          • Opcode Fuzzy Hash: c9b3b64f72f91e7236ca4a61495b0625baebcabf73070514a9a1e1add392e48b
                                                                          • Instruction Fuzzy Hash: 7B116D72501949BFEF124FA49C44EEABF6DEF093A5F194215FA1463150DB329CA0EFA0
                                                                          APIs
                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 00AC3B56
                                                                            • Part of subcall function 00AC3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00AC3AD2
                                                                            • Part of subcall function 00AC3AA3: ___AdjustPointer.LIBCMT ref: 00AC3AED
                                                                          • _UnwindNestedFrames.LIBCMT ref: 00AC3B6B
                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00AC3B7C
                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 00AC3BA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                          • String ID:
                                                                          • API String ID: 737400349-0
                                                                          • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                          • Instruction ID: 66a04a1d869950e0cdf5bb13ea439dbdb65293ffe8de1569a6c4a32ddb76f804
                                                                          • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                          • Instruction Fuzzy Hash: 5901D733100149BBDF126F95CD46EEB7B6DEF58754F068018FE4866121C632E9619BA0
                                                                          APIs
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00AA13C6,00000000,00000000,?,00AD301A,00AA13C6,00000000,00000000,00000000,?,00AD328B,00000006,FlsSetValue), ref: 00AD30A5
                                                                          • GetLastError.KERNEL32(?,00AD301A,00AA13C6,00000000,00000000,00000000,?,00AD328B,00000006,FlsSetValue,00B42290,FlsSetValue,00000000,00000364,?,00AD2E46), ref: 00AD30B1
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00AD301A,00AA13C6,00000000,00000000,00000000,?,00AD328B,00000006,FlsSetValue,00B42290,FlsSetValue,00000000), ref: 00AD30BF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad$ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 3177248105-0
                                                                          • Opcode ID: 0d1989a52d1022e2790106119aa590c69a31e7eed13f2aaec88a12b75be1ce2e
                                                                          • Instruction ID: ebb143d9faea073a6fffa4f4d991eecbaf62ab193b52a03026e235580765cdf1
                                                                          • Opcode Fuzzy Hash: 0d1989a52d1022e2790106119aa590c69a31e7eed13f2aaec88a12b75be1ce2e
                                                                          • Instruction Fuzzy Hash: 0601F737701222ABCF314BB8AC44A5B7BA8AF05B61B240621F907F7340CB21D901C7E1
                                                                          APIs
                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00B0747F
                                                                          • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00B07497
                                                                          • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00B074AC
                                                                          • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00B074CA
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Type$Register$FileLoadModuleNameUser
                                                                          • String ID:
                                                                          • API String ID: 1352324309-0
                                                                          • Opcode ID: 4618238d7980e061c8aeb0facefd4d40aec48762c772ca754d3deb53ffd40033
                                                                          • Instruction ID: fee56db19181c9d57f01b22fed666847d10173763b33b94b4b06ce0471f8a3e2
                                                                          • Opcode Fuzzy Hash: 4618238d7980e061c8aeb0facefd4d40aec48762c772ca754d3deb53ffd40033
                                                                          • Instruction Fuzzy Hash: 3F11A5B56453149BE7208F54EC48F9ABFFCEB00700F108599A556D7291DB70F904DB90
                                                                          APIs
                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B0ACD3,?,00008000), ref: 00B0B0C4
                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B0ACD3,?,00008000), ref: 00B0B0E9
                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B0ACD3,?,00008000), ref: 00B0B0F3
                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B0ACD3,?,00008000), ref: 00B0B126
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CounterPerformanceQuerySleep
                                                                          • String ID:
                                                                          • API String ID: 2875609808-0
                                                                          • Opcode ID: 1cc80e1f234cc7c9cfe67fa5ee7b6ea25a57f69d2184e5e59cc915beb6aaf8a7
                                                                          • Instruction ID: f333a79e0e4da3b9ce0fe2d4a771abef6f28afd7a7f2452dc5669616c44ad783
                                                                          • Opcode Fuzzy Hash: 1cc80e1f234cc7c9cfe67fa5ee7b6ea25a57f69d2184e5e59cc915beb6aaf8a7
                                                                          • Instruction Fuzzy Hash: 8C113931C01928E7CF00AFE4E998AEEBFB8FF09711F204085D941B3181CF305A609B91
                                                                          APIs
                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B02DC5
                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B02DD6
                                                                          • GetCurrentThreadId.KERNEL32 ref: 00B02DDD
                                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B02DE4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                           • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                           • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                          • String ID:
                                                                          • API String ID: 2710830443-0
                                                                          • Opcode ID: 68dc53d12940f1c1605e0ad1b05a2633211429303a292c152dc33efee3e0c3e7
                                                                          • Instruction ID: e7d80db41cc31785d2511c15d5d85596ed4b68347d4f8a27583ecc8a06840fa5
                                                                          • Opcode Fuzzy Hash: 68dc53d12940f1c1605e0ad1b05a2633211429303a292c152dc33efee3e0c3e7
                                                                          • Instruction Fuzzy Hash: 7DE06D711016247ADB201BA29C0EEEB3EACEB42BA1F200165B506E30809AA0C844C7B0
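The entries above are the per-function summaries the Joe Sandbox IDA plugin emits: the API calls resolved in each function (with "Part of subcall function" lines for calls one level down), the memory dump the function was lifted from, and the opcode and instruction fuzzy hashes used for similarity matching. Triaging hundreds of these by eye is slow, so the following Python, an added example that is not part of the report or of Joe Sandbox, parses the listing into records and applies a few illustrative triage rules: it pairs GetWindowThreadProcessId with AttachThreadInput (the entry at 00B02DC5), and checks the fifth argument of CreateThread at 00ACD218, where 00000004 is CREATE_SUSPENDED, the flag that pairs with the later ResumeThread. The sample text is constructed from entries visible on this page; the rule names, tags and the index helper are assumptions for the example, not the sandbox's own signatures.

```python
"""Parse Joe Sandbox IDA-plugin function summaries and apply simple triage rules.

Added example, not Joe Sandbox code. SAMPLE is constructed from entries on this
page; RULES and the tag names are illustrative assumptions, not sandbox signatures.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three entries copied from the function listing above.
SAMPLE = """\
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B02DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B02DD6
• GetCurrentThreadId.KERNEL32 ref: 00B02DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B02DE4
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Instruction Fuzzy Hash: 7DE06D711016247ADB201BA29C0EEEB3EACEB42BA1F200165B506E30809AA0C844C7B0
APIs
• CreateThread.KERNEL32(00000000,?,00ACCFF9,00000000,00000004,00000000), ref: 00ACD218
• GetLastError.KERNEL32 ref: 00ACD224
• __dosmaperr.LIBCMT ref: 00ACD22B
• ResumeThread.KERNEL32(00000000), ref: 00ACD249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• Instruction Fuzzy Hash: 05018076805204BBDB215BA9DC09FEE7E69EF81731F22422DF925A61D0DF71C901D7A0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00AC3B56
  • Part of subcall function 00AC3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00AC3AD2
  • Part of subcall function 00AC3AA3: ___AdjustPointer.LIBCMT ref: 00AC3AED
• _UnwindNestedFrames.LIBCMT ref: 00AC3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00AC3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00AC3BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• Instruction Fuzzy Hash: 5901D733100149BBDF126F95CD46EEB7B6DEF58754F068018FE4866121C632E9619BA0
"""

# "• [Part of subcall function ADDR: ]Name.MODULE[(args)], ref: ADDR"
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w:]*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
# "• Key: value" lines (API ID, Opcode ID, fuzzy hashes, Source File, ...)
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]               # raw arguments, "?" when unresolved
    ref: str                      # call-site address in the dump
    parent: Optional[str] = None  # set for "Part of subcall function" lines


@dataclass
class FunctionEntry:
    calls: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)

    @property
    def api_names(self) -> list[str]:
        return [c.name for c in self.calls]


def parse_entries(text: str) -> list[FunctionEntry]:
    """Split the listing at each 'APIs' header and collect calls and fields."""
    entries: list[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        if current is None:
            continue  # text before the first entry
        m = API_RE.match(raw)
        if m:
            args = m.group("args").split(",") if m.group("args") is not None else []
            current.calls.append(ApiCall(m.group("name"), m.group("module"), args,
                                         m.group("ref"), m.group("parent")))
            continue
        m = FIELD_RE.match(raw)
        if m:  # section headers ("Similarity", ...) carry no bullet and are skipped
            current.fields[m.group("key").strip()] = m.group("value").strip()
    return entries


# Illustrative rules (assumption): a tag fires when every listed API is present.
RULES = {
    "thread-input-attach": {"AttachThreadInput", "GetWindowThreadProcessId"},
    "dynamic-library-load": {"LoadLibraryExW"},
    "cxx-eh-runtime": {"___BuildCatchObject", "CallCatchBlock"},
}
CREATE_SUSPENDED = 0x00000004  # CreateThread dwCreationFlags bit


def triage(entry: FunctionEntry) -> list[str]:
    """Tags for one entry: rule matches plus a check on CreateThread's flags."""
    names = set(entry.api_names)
    tags = [tag for tag, required in RULES.items() if required <= names]
    for call in entry.calls:
        # CreateThread(attrs, stack, start, param, dwCreationFlags, tid): flags is arg 5
        if call.name == "CreateThread" and len(call.args) >= 5:
            try:
                flags = int(call.args[4], 16)
            except ValueError:
                continue  # argument not resolved statically ("?")
            if flags & CREATE_SUSPENDED:
                tags.append("thread-created-suspended")
    return tags


def index_by_fuzzy_hash(entries: list[FunctionEntry]) -> dict[str, FunctionEntry]:
    """Instruction Fuzzy Hash -> entry, for comparing against another report's listing."""
    return {e.fields["Instruction Fuzzy Hash"]: e
            for e in entries if "Instruction Fuzzy Hash" in e.fields}


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.fields.get("API ID"), "->", triage(e))
```

Run against a full report export, the same parser yields one record per function; the fuzzy-hash index is what lets a second sample's listing be diffed against this one without re-running the disassembler.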
                                                                          APIs
                                                                            • Part of subcall function 00AB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00AB9693
                                                                            • Part of subcall function 00AB9639: SelectObject.GDI32(?,00000000), ref: 00AB96A2
                                                                            • Part of subcall function 00AB9639: BeginPath.GDI32(?), ref: 00AB96B9
                                                                            • Part of subcall function 00AB9639: SelectObject.GDI32(?,00000000), ref: 00AB96E2
                                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B38887
                                                                          • LineTo.GDI32(?,?,?), ref: 00B38894
                                                                          • EndPath.GDI32(?), ref: 00B388A4
                                                                          • StrokePath.GDI32(?), ref: 00B388B2
                                                                          Similarity
                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                          • String ID:
                                                                          • API String ID: 1539411459-0
                                                                          APIs
                                                                          • GetSysColor.USER32(00000008), ref: 00AB98CC
                                                                          • SetTextColor.GDI32(?,?), ref: 00AB98D6
                                                                          • SetBkMode.GDI32(?,00000001), ref: 00AB98E9
                                                                          • GetStockObject.GDI32(00000005), ref: 00AB98F1
                                                                          Similarity
                                                                          • API ID: Color$ModeObjectStockText
                                                                          • String ID:
                                                                          • API String ID: 4037423528-0
                                                                          APIs
                                                                          • GetCurrentThread.KERNEL32 ref: 00B01634
                                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,00B011D9), ref: 00B0163B
                                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00B011D9), ref: 00B01648
                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,00B011D9), ref: 00B0164F
                                                                          Similarity
                                                                          • API ID: CurrentOpenProcessThreadToken
                                                                          • String ID:
                                                                          • API String ID: 3974789173-0
                                                                          APIs
                                                                          • GetDesktopWindow.USER32 ref: 00AFD858
                                                                          • GetDC.USER32(00000000), ref: 00AFD862
                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00AFD882
                                                                          • ReleaseDC.USER32(?), ref: 00AFD8A3
                                                                          Similarity
                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                          • String ID:
                                                                          • API String ID: 2889604237-0
                                                                          APIs
                                                                          • GetDesktopWindow.USER32 ref: 00AFD86C
                                                                          • GetDC.USER32(00000000), ref: 00AFD876
                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00AFD882
                                                                          • ReleaseDC.USER32(?), ref: 00AFD8A3
                                                                          Similarity
                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                          • String ID:
                                                                          • API String ID: 2889604237-0
                                                                          APIs
                                                                            • Part of subcall function 00AA7620: _wcslen.LIBCMT ref: 00AA7625
                                                                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00B14ED4
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: Connection_wcslen
                                                                          • String ID: *$LPT
                                                                          • API String ID: 1725874428-3443410124
                                                                          APIs
                                                                          • __startOneArgErrorHandling.LIBCMT ref: 00ACE30D
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ErrorHandling__start
                                                                          • String ID: pow
                                                                          • API String ID: 3213639722-2276729525
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #
                                                                          • API String ID: 0-1885708031
                                                                          APIs
                                                                          • Sleep.KERNEL32(00000000), ref: 00ABF2A2
                                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 00ABF2BB
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: GlobalMemorySleepStatus
                                                                          • String ID: @
                                                                          • API String ID: 2783356886-2766056989
                                                                          APIs
                                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00B257E0
                                                                          • _wcslen.LIBCMT ref: 00B257EC
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: BuffCharUpper_wcslen
                                                                          • String ID: CALLARGARRAY
                                                                          • API String ID: 157775604-1150593374
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00B1D130
                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00B1D13A
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: CrackInternet_wcslen
                                                                          • String ID: |
                                                                          • API String ID: 596671847-2343686810
                                                                          • Opcode ID: b71c253b25b857e117a65a547f31953e55ba1bb17e11412346f0cc940e15b714
                                                                          • Instruction ID: d76ca67f1c17f29550907ca2a8947d009a8d6640d7fc0ac1fa8d1a0c6ecd2d96
                                                                          • Opcode Fuzzy Hash: b71c253b25b857e117a65a547f31953e55ba1bb17e11412346f0cc940e15b714
                                                                          • Instruction Fuzzy Hash: ED312C72D00219ABCF15EFA4CD85AEEBFB9FF09340F500059F815B61A1DB35AA56CB50
                                                                          APIs
                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 00B33621
                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B3365C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$DestroyMove
                                                                          • String ID: static
                                                                          • API String ID: 2139405536-2160076837
                                                                          • Opcode ID: c8e1cf686da276855b4f9aeb11c34b6d918f002e52f2679b7282c1593c632cd4
                                                                          • Instruction ID: bf73af9397943c3af09fedb5a8c14771149a7f2ea8737ac7b016bdefaab204ea
                                                                          • Opcode Fuzzy Hash: c8e1cf686da276855b4f9aeb11c34b6d918f002e52f2679b7282c1593c632cd4
                                                                          • Instruction Fuzzy Hash: 93319E71110604AEDB109F68DC81EFB73E9FF98B20F219619F8A5D7290DB30AD91C760
                                                                          APIs
                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00B3461F
                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B34634
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID: '
                                                                          • API String ID: 3850602802-1997036262
                                                                          • Opcode ID: 220b115f6e9895c718e3357e5ac561c74430c4f732dbf91779dd0b6602392304
                                                                          • Instruction ID: b44a47e0b78a1ccd07b497d0e4871f2626c4ffdcd7f151c0d10d7dba36af7889
                                                                          • Opcode Fuzzy Hash: 220b115f6e9895c718e3357e5ac561c74430c4f732dbf91779dd0b6602392304
                                                                          • Instruction Fuzzy Hash: 84312574A0020A9FDF14CFA9C981BDABBF5FF19300F2144AAE904AB381D770A941CF90
                                                                          APIs
                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B3327C
                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B33287
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID: Combobox
                                                                          • API String ID: 3850602802-2096851135
                                                                          • Opcode ID: 6b131e91a87b177d2ae4ab5194d9af040100fc31d7944fc69da634915dc3262d
                                                                          • Instruction ID: ae116f3da42401ae605f9b6bf53252b0191ca3605b672505cbd35c291d707bdc
                                                                          • Opcode Fuzzy Hash: 6b131e91a87b177d2ae4ab5194d9af040100fc31d7944fc69da634915dc3262d
                                                                          • Instruction Fuzzy Hash: 7B11C8713002087FFF219F54DC81EBB37EAEB54764F204264F51897290D671DD518760
                                                                          APIs
                                                                            • Part of subcall function 00AA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AA604C
                                                                            • Part of subcall function 00AA600E: GetStockObject.GDI32(00000011), ref: 00AA6060
                                                                            • Part of subcall function 00AA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AA606A
                                                                          • GetWindowRect.USER32(00000000,?), ref: 00B3377A
                                                                          • GetSysColor.USER32(00000012), ref: 00B33794
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                          • String ID: static
                                                                          • API String ID: 1983116058-2160076837
                                                                          • Opcode ID: d7f797c82d9a16e65198638aaa90e84c02fa7c21abcc81520a674d8c9e67b3e9
                                                                          • Instruction ID: 2ae8dc0e7bb6453815c0d6eb7027c02bac08b637a7eb02813ee0fe598d4e764b
                                                                          • Opcode Fuzzy Hash: d7f797c82d9a16e65198638aaa90e84c02fa7c21abcc81520a674d8c9e67b3e9
                                                                          • Instruction Fuzzy Hash: 9F1126B2610209AFDF00DFA8CC46EEA7BF8EB08714F114954F955E3250EB39E8619B60
                                                                          APIs
                                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B1CD7D
                                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B1CDA6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Internet$OpenOption
                                                                          • String ID: <local>
                                                                          • API String ID: 942729171-4266983199
                                                                          • Opcode ID: b831366131b4f3542494ad7700b3a5f5c62020a808a7458020471f074fd8a930
                                                                          • Instruction ID: d8f6ebe54d571403eb9c7e6ee8aefe5f77eb39008ecb18bf861fe9e18336c103
                                                                          • Opcode Fuzzy Hash: b831366131b4f3542494ad7700b3a5f5c62020a808a7458020471f074fd8a930
                                                                          • Instruction Fuzzy Hash: E2110671281631BAD7344B669C84EE7BEECEF127A4F9042B6B11993090D7709980D6F0
                                                                          APIs
                                                                          • GetWindowTextLengthW.USER32(00000000), ref: 00B334AB
                                                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B334BA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LengthMessageSendTextWindow
                                                                          • String ID: edit
                                                                          • API String ID: 2978978980-2167791130
                                                                          • Opcode ID: 9da34ccaa1c854225daf13f4069869f775259d27ce15cdf60f501441d71b57a9
                                                                          • Instruction ID: 3e4d8b5bf286bb0f17690089dcbacb80bbb67416f0c9995b220b520e5bf307a9
                                                                          • Opcode Fuzzy Hash: 9da34ccaa1c854225daf13f4069869f775259d27ce15cdf60f501441d71b57a9
                                                                          • Instruction Fuzzy Hash: 6F118F71100208ABEB124F64DC85AAB3BEAEB15B74F604764F965A72E0C771DC919B60
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 00B06CB6
                                                                          • _wcslen.LIBCMT ref: 00B06CC2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$BuffCharUpper
                                                                          • String ID: STOP
                                                                          • API String ID: 1256254125-2411985666
                                                                          • Opcode ID: 4851bf9eafde6ff3944febc545d4c08d2c4c4ae5cbb104e3ec21b3b798743b4c
                                                                          • Instruction ID: f4ecf05cea2b1c3766c23eab6a0d7470449604d4b8f27bbf92dcf7b736d7d2cf
                                                                          • Opcode Fuzzy Hash: 4851bf9eafde6ff3944febc545d4c08d2c4c4ae5cbb104e3ec21b3b798743b4c
                                                                          • Instruction Fuzzy Hash: FF01C032A0052A8BEB21AFBDDD819BF7BE5EA65710B100679E862971D0EB31D960C650
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00B03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B03CCA
                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00B01D4C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                          • String ID: ComboBox$ListBox
                                                                          • API String ID: 624084870-1403004172
                                                                          • Opcode ID: ea344e70f27b04aeb3a59db5f2a92aaaeedab543bbb071d43f98bb70488bd0ba
                                                                          • Instruction ID: e5ef1873a167699f0ca0865b3e132cd28558856ffcfcc16ce396a3bf8dd1b544
                                                                          • Opcode Fuzzy Hash: ea344e70f27b04aeb3a59db5f2a92aaaeedab543bbb071d43f98bb70488bd0ba
                                                                          • Instruction Fuzzy Hash: C201B571601218ABCB18EFA4CD558FF7BE8EB46350B140A99F822672D1EA3459088660
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00B03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B03CCA
                                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00B01C46
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                          • String ID: ComboBox$ListBox
                                                                          • API String ID: 624084870-1403004172
                                                                          • Opcode ID: 0c1f140b84fc94ee3b7465bacb39f21cda3f68325d3b85f92be0f6627bd8074c
                                                                          • Instruction ID: d38bdbdc74cca1e322ea372c2a2a0688551e608d7c55a85df07b8c39f2b9ea7f
                                                                          • Opcode Fuzzy Hash: 0c1f140b84fc94ee3b7465bacb39f21cda3f68325d3b85f92be0f6627bd8074c
                                                                          • Instruction Fuzzy Hash: 5B01F7716801086BDB28EB94CA529FF7BE8DB16340F140499B406772C1EE24DE4886B1
                                                                          APIs
                                                                            • Part of subcall function 00AA9CB3: _wcslen.LIBCMT ref: 00AA9CBD
                                                                            • Part of subcall function 00B03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B03CCA
                                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00B01CC8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                          • String ID: ComboBox$ListBox
                                                                          • API String ID: 624084870-1403004172
                                                                          • Opcode ID: 0b381ff569c258b79d14af2ff7eaf2e45d118773b63c1323cb889c9e42f52997
                                                                          • Instruction ID: ffd989195f0dac9a87e528556594b18fb59b74584fa5279a1ffaf539ebff1831
                                                                          • Opcode Fuzzy Hash: 0b381ff569c258b79d14af2ff7eaf2e45d118773b63c1323cb889c9e42f52997
                                                                          • Instruction Fuzzy Hash: 4701DB7164011867DB28EB94CB55AFF7BECDB12380F140455B801772C1EE24DF18C671
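Added example, not part of the Joe Sandbox report: a Python parser for the function entries listed above (the "APIs", "Memory Dump Source" and "Similarity" blocks), which turns each entry into a record, flags functions that call into network-capable DLLs, and replaces the raw hex arguments of the WinINet and USER32 calls with their Windows SDK names. The sample input is three entries copied from this listing with the page indentation removed. The constant names (for instance the 0x32 passed to InternetSetOptionW together with an 8-byte buffer, which in wininet.h is INTERNET_OPTION_CONNECTED_STATE with an INTERNET_CONNECTED_INFO structure) and the DLL-based "network" triage rule are this example's own assumptions, not output of the sandbox.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three entries copied from this report's listing with the page
# indentation removed, embedded so the parser runs offline.
SAMPLE = """\
APIs
• _wcslen.LIBCMT ref: 00B1D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00B1D13A
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B1CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B1CDA6
Memory Dump Source
• Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• Opcode ID: b831366131b4f3542494ad7700b3a5f5c62020a808a7458020471f074fd8a930
APIs
  • Part of subcall function 00AA600E: GetStockObject.GDI32(00000011), ref: 00AA6060
• GetSysColor.USER32(00000012), ref: 00B33794
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
"""

# Symbolic names for the raw hex arguments in the entries, keyed by (API, argument index).
# Values are Windows SDK definitions (wininet.h, winuser.h, commctrl.h) assumed by this example.
CONSTANTS = {
    ("InternetSetOptionW", 1): {0x32: "INTERNET_OPTION_CONNECTED_STATE"},
    ("SendMessageW", 1): {0x30: "WM_SETFONT", 0xB1: "EM_SETSEL", 0x143: "CB_ADDSTRING",
                          0x14E: "CB_SETCURSEL", 0x180: "LB_ADDSTRING", 0x182: "LB_DELETESTRING",
                          0x1A2: "LB_FINDSTRINGEXACT", 0x1105: "TVM_GETCOUNT", 0x1132: "TVM_INSERTITEMW"},
    ("GetStockObject", 0): {0x11: "DEFAULT_GUI_FONT"},
    ("GetSysColor", 0): {0x12: "COLOR_BTNTEXT"},
}
# Triage rule assumed here: a call into any of these DLLs marks the function as network-capable.
NETWORK_DLLS = {"WININET", "WINHTTP", "WS2_32", "URLMON"}

# "• [Part of subcall function X: ]Name.DLL[(args)][,] ref: ADDR"  (args are absent for _wcslen)
API_RE = re.compile(r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
                    r"(?P<name>\w+)\.(?P<dll>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$")
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*?)\s*$")   # "• Key: value"


@dataclass
class ApiCall:
    name: str
    dll: str
    args: list
    ref: str              # call-site address inside the dump
    subcall: str = None   # callee address when the line is "Part of subcall function"

    def decoded(self):
        # '?' is an argument the sandbox could not resolve; everything else is 8-digit hex.
        out = []
        for i, a in enumerate(self.args):
            if a == "?":
                out.append(a)
            else:
                v = int(a, 16)
                out.append(CONSTANTS.get((self.name, i), {}).get(v, f"0x{v:X}"))
        return out


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # "API ID", "String ID", "Opcode ID", ...

    @property
    def uses_network(self):
        return any(c.dll in NETWORK_DLLS for c in self.apis)


def parse_entries(text):
    # A new entry starts at every "APIs" header; any other header only switches the section.
    entries, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("•"):
            section = line
            if section == "APIs":
                current = FunctionEntry()
                entries.append(current)
        elif current is not None and section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                current.apis.append(ApiCall(m["name"], m["dll"], args, m["ref"], m["sub"]))
        elif current is not None:
            m = FIELD_RE.match(line)
            if m:
                current.fields[m["key"].strip()] = m["val"]
    return entries


def network_entries(entries):
    return [e for e in entries if e.uses_network]


def summarize(entries):
    # One triage line per function: network flag, API ID, string and the decoded calls.
    return [f"[{'NET' if e.uses_network else '   '}] {e.fields.get('API ID', '?')} | "
            f"str={e.fields.get('String ID', '')!r} | "
            + "; ".join(f"{c.name}({', '.join(c.decoded())})" for c in e.apis)
            for e in entries]
```

Calling `summarize(parse_entries(SAMPLE))` yields one line per function; the two WinINet functions come out tagged `[NET]` with `InternetSetOptionW(0x0, INTERNET_OPTION_CONNECTED_STATE, ?, 0x8)` spelled out, while the GUI helper stays untagged. Because the parser strips each line before matching, the full listing from this report can be fed in as copied, page indentation included; "Instruction ID", "Opcode Fuzzy Hash" and the other bullet fields land in `fields` without further changes.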
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID: 3, 3, 16, 1
                                                                          • API String ID: 176396367-3042988571
                                                                          • Opcode ID: 64314b9cc58334d9193530f0bea0d788aa0526c1d9b3f552f53439bc798498a6
                                                                          • Instruction ID: ef47896783fac19fde9a2a6ec60e751b5d77d92f49251f8e146aaaa2c97f76d2
                                                                          • Opcode Fuzzy Hash: 64314b9cc58334d9193530f0bea0d788aa0526c1d9b3f552f53439bc798498a6
                                                                          • Instruction Fuzzy Hash: 78E02B066542301092313279BDC1EBF56C9CFC9750710186FF999C236AEEA48D9293AC
                                                                          APIs
                                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00B00B23
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: Message
                                                                          • String ID: AutoIt$Error allocating memory.
                                                                          • API String ID: 2030045667-4017498283
                                                                          • Opcode ID: 1b55865e376506e5b391a290325983ad18c2798cc744e4b580adbfc8b30dbb5a
                                                                          • Instruction ID: a0b164f5bd323f98a5c75aae5ce9e17fde5a9b9e418c363d421d6581e0058fd4
                                                                          • Opcode Fuzzy Hash: 1b55865e376506e5b391a290325983ad18c2798cc744e4b580adbfc8b30dbb5a
                                                                          • Instruction Fuzzy Hash: E4E0D8322443182AD21036947D03FC97FC8CF05B11F24046AFB58654D38BE1645007E9
                                                                          APIs
                                                                            • Part of subcall function 00ABF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00AC0D71,?,?,?,00AA100A), ref: 00ABF7CE
                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,00AA100A), ref: 00AC0D75
                                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00AA100A), ref: 00AC0D84
                                                                          Strings
                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AC0D7F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                          • API String ID: 55579361-631824599
                                                                          • Opcode ID: 48614ac4fab4c8af7e4c8f747f8ce5ce72b2fd10219c93358ce3838a1f8d437a
                                                                          • Instruction ID: 7e7074e66c8a27b06820b227f7237b4adf94d61ab1980ed2fe624ce322ede13d
                                                                          • Opcode Fuzzy Hash: 48614ac4fab4c8af7e4c8f747f8ce5ce72b2fd10219c93358ce3838a1f8d437a
                                                                          • Instruction Fuzzy Hash: F3E06D702003118BD3619FBCD904B567BE4AB00740F11496DE887D7661EFB4E4848BA1
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: LocalTime
                                                                          • String ID: %.3d$X64
                                                                          • API String ID: 481472006-1077770165
                                                                          • Opcode ID: 65d8f9301ba33947f4edcbaab52448f72d99a2611ee295119ab9b5d9e2254b56
                                                                          • Instruction ID: e4ec695414edee3bb04aff097f87698860de312dff6f47488b9d79a1bd98bb21
                                                                          • Opcode Fuzzy Hash: 65d8f9301ba33947f4edcbaab52448f72d99a2611ee295119ab9b5d9e2254b56
                                                                          • Instruction Fuzzy Hash: 1BD012B180810CE9CB5197D0CC458FAB7BDFB08341F608452FA06A2041E634C50867A1
                                                                          APIs
                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B3232C
                                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B3233F
                                                                            • Part of subcall function 00B0E97B: Sleep.KERNEL32 ref: 00B0E9F3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FindMessagePostSleepWindow
                                                                          • String ID: Shell_TrayWnd
                                                                          • API String ID: 529655941-2988720461
                                                                          • Opcode ID: 0152af608e82e6fd7f61ad0c01f78029c2b3363cc4bd39c58aa33c3710cc21d9
                                                                          • Instruction ID: 2e773cf9b9ef47f4c363aaadf8e5b1fb74028b31592195ee84950eef5967d599
                                                                          • Opcode Fuzzy Hash: 0152af608e82e6fd7f61ad0c01f78029c2b3363cc4bd39c58aa33c3710cc21d9
                                                                          • Instruction Fuzzy Hash: AED0C936394310B6E664A7B09C0FFDA7E54AB10B10F1149567655BB1E0C9B4A8018B54
                                                                          APIs
                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B3236C
                                                                          • PostMessageW.USER32(00000000), ref: 00B32373
                                                                            • Part of subcall function 00B0E97B: Sleep.KERNEL32 ref: 00B0E9F3
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: FindMessagePostSleepWindow
                                                                          • String ID: Shell_TrayWnd
                                                                          • API String ID: 529655941-2988720461
                                                                          • Opcode ID: 8f4483355796799d138f42632cf68eb3dff381adf1ec375ffab2ab329058ceb7
                                                                          • Instruction ID: 35ea3d2dc20da3d2ae143acfca3cc77d5f9c1fc5195e6362cfe33caa0b04ef20
                                                                          • Opcode Fuzzy Hash: 8f4483355796799d138f42632cf68eb3dff381adf1ec375ffab2ab329058ceb7
                                                                          • Instruction Fuzzy Hash: 2BD0C9323813107AE664A7B09C0FFCA7A54AB15B10F5149567655BB1E0C9B4A8018B54
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00ADBE93
                                                                          • GetLastError.KERNEL32 ref: 00ADBEA1
                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00ADBEFC
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2067216584.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2067200015.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067270953.0000000000B62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067309371.0000000000B6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2067326633.0000000000B74000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_rTTSWIFTCOPIES.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1717984340-0
                                                                          • Opcode ID: 2a395a0463644f934f0975004d823af3bea72314187d1ad47d2fb3ac1eeaec5e
                                                                          • Instruction ID: 74ada38d48943c55b244f7ecbd0d1c7d5c07e81a884ff70a84d94336dd8cffe5
                                                                          • Opcode Fuzzy Hash: 2a395a0463644f934f0975004d823af3bea72314187d1ad47d2fb3ac1eeaec5e
                                                                          • Instruction Fuzzy Hash: 5C41C435610246EFCB21CFA5CD44BAA7BA5AF45310F26416AF95A9B3A1DB30DD00DB70
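The per-function entries above (APIs with call-site refs, Strings, and the Similarity block with API ID / API String ID / Opcode ID) are what an analyst pivots on across reports. The parser below is an added example, not part of the Joe Sandbox report or its tooling; its SAMPLE text is constructed from three of the entries on this page, and it assumes the bullet-and-"ref:" layout shown there. Two things it makes visible that the raw listing does not: the two Shell_TrayWnd variants (FindWindowW followed by PostMessageW, where 0x111 is WM_COMMAND) share one API String ID but have distinct Opcode IDs, so API String ID alone over-merges; and the IsDebuggerPresent entry is the ATL CAtlBaseModule initialisation path (note the "Unable to initialize critical section in CAtlBaseModule" string), so a hit on that API by itself is runtime boilerplate, not evidence of deliberate anti-debugging. Calls reported under "Part of subcall function" are kept but flagged so they are not mistaken for the function's own calls.

```python
"""Parse Joe Sandbox per-function entries into pivotable records.

Added example, not part of the report or its tooling. SAMPLE below is
constructed from entries on this page; the layout it assumes is the one shown there.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR",
# optionally prefixed with "Part of subcall function ADDR: ".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
STR_RE = re.compile(r"^(?P<s>.*), xrefs: (?P<ref>[0-9A-Fa-f]+)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple[str, ...]
    ref: str                 # call-site address as printed in the report
    subcall_of: str | None   # set when listed under "Part of subcall function"


@dataclass
class FunctionEntry:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)


def parse_report(text: str) -> list[FunctionEntry]:
    """An entry starts at each 'APIs' heading; bullets belong to the last heading seen."""
    entries: list[FunctionEntry] = []
    current: FunctionEntry | None = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADINGS:
            if line == "APIs":
                current = FunctionEntry()
                entries.append(current)
            section = line
            continue
        if current is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] is not None else ()
                current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"].upper(), m["sub"]))
        elif section == "Strings":
            m = STR_RE.match(body)
            if m:
                current.strings.append(m["s"])
        elif section == "Similarity":
            key, _, value = body.partition(":")
            current.similarity[key.strip()] = value.strip()
    return entries


def entries_calling(entries, api_names, include_subcalls=False):
    """Entries whose own code calls one of api_names; subcall hits are indirect and off by default."""
    wanted = {n.lower() for n in api_names}
    return [e for e in entries
            if any(c.name.lower() in wanted and (include_subcalls or c.subcall_of is None) for c in e.apis)]


def opcode_ids_by_api_string_id(entries):
    """API String ID collides across code variants; Opcode ID is the finer pivot."""
    groups: dict[str, list[str]] = {}
    for e in entries:
        groups.setdefault(e.similarity.get("API String ID", ""), []).append(e.similarity.get("Opcode ID", ""))
    return groups


# Constructed sample: three entries copied from this report's function listing.
SAMPLE = """\
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B3232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B3233F
  • Part of subcall function 00B0E97B: Sleep.KERNEL32 ref: 00B0E9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 0152af608e82e6fd7f61ad0c01f78029c2b3363cc4bd39c58aa33c3710cc21d9
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B3236C
• PostMessageW.USER32(00000000), ref: 00B32373
  • Part of subcall function 00B0E97B: Sleep.KERNEL32 ref: 00B0E9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 8f4483355796799d138f42632cf68eb3dff381adf1ec375ffab2ab329058ceb7
APIs
  • Part of subcall function 00ABF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00AC0D71,?,?,?,00AA100A), ref: 00ABF7CE
• IsDebuggerPresent.KERNEL32(?,?,?,00AA100A), ref: 00AC0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00AA100A), ref: 00AC0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AC0D7F
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 48614ac4fab4c8af7e4c8f747f8ce5ce72b2fd10219c93358ce3838a1f8d437a
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for api_string_id, opcode_ids in opcode_ids_by_api_string_id(parsed).items():
        print(api_string_id, "->", len(set(opcode_ids)), "distinct Opcode ID(s)")
    for e in entries_calling(parsed, ["IsDebuggerPresent"]):
        print("IsDebuggerPresent at", [c.ref for c in e.apis if c.name == "IsDebuggerPresent"], e.strings)
```

To pivot to a second report, parse its listing the same way and intersect the Opcode ID sets; matching on API String ID instead would count both Shell_TrayWnd variants as one hit.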